SSL DROWN attack

There's a new SSL/TLS attack called DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). It's not quite as bad as Heartbleed, but it potentially affects a significant percentage of HTTP servers (33%!), as well as mail servers and anything else using SSL.

The vulnerability is in the obsolete SSL 2.0 protocol - fortunately not supported by our server, CompleteFTP, which is unaffected. A flaw in SSL 2.0 allows an attacker to get access to the private session keys of currently connected user sessions. This permits the attacker to decrypt anything the user is sending to the server, which for web servers will include sensitive data such as credit cards, bank account details and passwords.

Many servers still support SSL 2.0 and are therefore vulnerable to this attack, even though SSL 2.0 is rarely used. It isn't only web servers that could be affected, but any server that uses SSL, including mail servers. You can check if your server is susceptible here.

There's a very straightforward solution - disable SSL 2.0 in every server application that uses SSL/TLS, including web servers and mail servers. There's nothing that can be done to web browsers to prevent these attacks - it's a server-only issue. If your server uses OpenSSL, you should upgrade to the latest version as per these instructions. Otherwise contact your server vendor.

More technical details on DROWN can be found here and here.

Posted by John Faulds in