The SSLv2 protocol, as used in OpenSSL prior to 1.0.1s and 1.0.2 prior to 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote malicious users to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
Vulnerable Product |
---|
openssl openssl 1.0.1 |
openssl openssl 1.0.1a |
openssl openssl 1.0.1b |
openssl openssl 1.0.1c |
openssl openssl 1.0.1d |
openssl openssl 1.0.1e |
openssl openssl 1.0.1f |
openssl openssl 1.0.1g |
openssl openssl 1.0.1h |
openssl openssl 1.0.1i |
openssl openssl 1.0.1j |
openssl openssl 1.0.1k |
openssl openssl 1.0.1l |
openssl openssl 1.0.1m |
openssl openssl 1.0.1n |
openssl openssl 1.0.1o |
openssl openssl 1.0.1p |
openssl openssl 1.0.1q |
openssl openssl 1.0.1r |
openssl openssl 1.0.2 |
openssl openssl 1.0.2a |
openssl openssl 1.0.2b |
openssl openssl 1.0.2c |
openssl openssl 1.0.2d |
openssl openssl 1.0.2e |
openssl openssl 1.0.2f |
pulsesecure steel belted radius - |
pulsesecure client - |
Just set SSLv2 on fire
Security experts are split on how easy it is for hackers to exploit the high-profile DROWN vulnerability on insecure systems. One-third of all HTTPS websites are potentially vulnerable to the DROWN attack, which was disclosed on Tuesday. DROWN (which stands for Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects network services that rely on SSL and TLS. An attacker can exploit support for the obsolete SSLv2 protocol – which modern clients have phased ou...
Hackers can break TLS using SSLv2
Security researchers have discovered a new technique for deciphering the contents of supposedly secure communications. The DROWN attack - it has already got a name, like recent high profile crypto attacks Lucky13, BEAST, and POODLE - is a “cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients”. One version of the attack exploits a combination of thus far unnoticed protocol flaws in SSLv2 to develop a new and stronger variant of the earlier Bleichenba...