A recently announced attack known as DROWN (Decrypting RSA using Obsolete Weakened eNcryption) exploits SSL/TLS vulnerabilities. DROWN is an attack that allows decryption of intercepted data and can also allow man-in-the middle attacks.
Vulnerable systems include:
- Servers that support SSLv2 – allows for a cross-protocol attack whereby an attacker could decrypt TLS sessions between clients and hosts that support SSLv2 and export cipher suites. This vulnerability also allows for the decryption of traffic between clients and even non-vulnerable servers, if another server supporting SSLv2 and export ciphers shares the RSA keys of the non-vulnerable server.
- Unpatched OpenSSL servers – This vulnerability dramatically increases the efficiency and danger of the DROWN attack by making it effective against even the stronger, non-export-grade cipher suites with very little computation time required.
Action Steps:
- Disable SSlv2 protocol in all SSL/TLS servers. Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed. Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197, are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers.
- Upgrade OpenSSL to the latest. We strongly recommend eliminating all SSL support in favor of TLS.
References:
[1] https://www.openssl.org/news/secadv/20160301.txt
[2] https://www.drownattack.com/
[3] https://drownattack.com/#faq-factors
[5] https://www.openssl.org/news/secadv/20160301.txt
[7] https://drownattack.com/#faq-mitm
[8] https://drownattack.com/#faq-update