DROWN attack sinks security for millions of websites
Security researchers reveal a new technique to break TLS by using a server that still speaks SSLv2.
This article was originally featured in NetworkWorld
Image credit Victor Cruz
By Michelle Drolet
Founder & CEO
Ms. Drolet is responsible for all aspects of business for Towerwall. She has more than 24 years of,
March 8, 2016
If you’re wondering, DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption (tracked as CVE-2016-0800). In the paper, DROWN: Breaking TLS using SSLv2, the researchers describe the method as a “cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients by using a server supporting SSLv2 as a Bleichenbacher RSA padding oracle.”
The problem afflicts TLS servers that are still configured to accept the obsolete SSLv2 protocol, and by extension every client whose sessions with them can be recorded. The clients need not be at fault: they can be fully patched and negotiate only TLS. If the server allows SSLv2 connections, or its private key (typically via the same certificate) is also used on another server that allows SSLv2 connections, whether that is a web server or a mail server on the same domain, then traffic to it is vulnerable to the DROWN attack.
The attack is able to “decrypt a TLS 1.2 handshake using 2048-bit RSA in under 8 hours using Amazon EC2, at a cost of $440.” But the researchers say that combining the attack with another newly discovered vulnerability in OpenSSL’s SSLv2 code (CVE-2016-0703), present in releases from 1998 until it was fixed in early 2015, makes even cheaper attacks possible: in that case a TLS session can be decrypted in about a minute on a single PC, fast enough for an active man-in-the-middle attack rather than only offline decryption of recorded traffic.
Legacy support for outdated protocols like this is at the heart of the flaw. Many felt that there was no point in disabling SSLv2 because no browsers were using it anyway. SSLv2 was originally released in 1995, superseded by SSLv3 the following year because of significant design weaknesses, and formally prohibited by RFC 6176 in 2011. DROWN proves that obsolete cryptography is dangerous even when no legitimate client uses it: an attacker can use it on the clients’ behalf, and the server’s willingness to answer is all that matters.
Misconfiguration or inappropriate default settings are what’s enabling attackers to exploit it, and SSLv2 support should be completely disabled. Misconfigurations and unpatched software continue to be the main culprits in serious data breaches over the last few years. Known vulnerabilities pose the biggest IT security threats because most companies are very slow to address them. Even two months after the Heartbleed vulnerability was revealed in 2014, the Errata Security blog reported that 300,000 servers were still vulnerable to it.
Disabling SSLv2 on servers and ensuring that private keys are not being used anywhere with server software that allows SSLv2 connections is the way to deal with the DROWN threat. That means looking at every service that terminates SSL or TLS, not just web servers: SMTP, IMAP, and POP email servers frequently share a certificate with the website and were often left with SSLv2 enabled by default, so a clean web server can still be exposed through the mail server next to it. Where an SSLv2-capable server has been exposed for some time, the researchers also recommend assuming the key may have been used in a decryption attack and rotating it, since the attack leaves no trace on the client side.
The researchers have included instructions and a useful F.A.Q. at the DROWN Attack website, so anyone concerned about this vulnerability can check whether they’re afflicted and take the appropriate action immediately.
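Beyond the researchers’ online checker, a practitioner auditing internal hosts wants something that can be run locally, because modern OpenSSL builds no longer contain SSLv2 and `openssl s_client -ssl2` is usually unavailable. The following is an added example, not code from the article or from the DROWN researchers: a minimal SSLv2 probe that sends a CLIENT-HELLO offering every SSLv2 cipher kind and parses the SERVER-HELLO, if any, that comes back. The message layouts follow the SSL 2.0 specification; the `build_server_hello` helper exists only to construct a test message, and the certificate bytes used there are a placeholder, not a real certificate. A server that answers at all is DROWN-exposed; one that also lists the 40-bit export kinds enables the cheap general variant of the attack.

```python
"""SSLv2 handshake probe: does a server answer an SSLv2 CLIENT-HELLO?"""
import os
import socket
import struct

# SSLv2 CIPHER-KIND codes (3 bytes each) from the SSL 2.0 specification.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
MSG_CLIENT_HELLO, MSG_SERVER_HELLO = 0x01, 0x04
SSLV2_VERSION = b"\x00\x02"


def wrap_record(body):
    """Prepend the 2-byte SSLv2 record header (high bit set, 15-bit length)."""
    return struct.pack(">H", 0x8000 | len(body)) + body


def unwrap_record(data):
    """Strip an SSLv2 record header; return the record body, or None if the
    bytes do not form one complete SSLv2 record (TLS alerts land here)."""
    if len(data) < 2:
        return None
    if data[0] & 0x80:                       # 2-byte header, no padding
        length, hdr = ((data[0] & 0x7F) << 8) | data[1], 2
    else:                                    # 3-byte header, byte 3 = padding length
        length, hdr = ((data[0] & 0x3F) << 8) | data[1], 3
    body = data[hdr:hdr + length]
    return body if len(body) == length else None


def build_client_hello(challenge=None):
    """SSLv2 CLIENT-HELLO offering every SSLv2 cipher kind and no session id."""
    challenge = challenge or os.urandom(16)
    ciphers = b"".join(SSLV2_CIPHERS)
    body = (bytes([MSG_CLIENT_HELLO]) + SSLV2_VERSION
            + struct.pack(">HHH", len(ciphers), 0, len(challenge))
            + ciphers + challenge)
    return wrap_record(body)


def build_server_hello(cert, ciphers, connection_id):
    """SSLv2 SERVER-HELLO as an SSLv2-enabled server would send it. Used only
    to construct test input here; the probe itself only parses this message."""
    body = (bytes([MSG_SERVER_HELLO]) + b"\x00"   # session-id hit = 0
            + b"\x01" + SSLV2_VERSION             # certificate type X.509
            + struct.pack(">HHH", len(cert), len(ciphers), len(connection_id))
            + cert + ciphers + connection_id)
    return wrap_record(body)


def parse_server_hello(data):
    """Return a dict describing an SSLv2 SERVER-HELLO, or None if `data` is
    not one (a TLS alert, garbage, or an empty read all yield None)."""
    body = unwrap_record(data)
    if not body or body[0] != MSG_SERVER_HELLO or len(body) < 11:
        return None
    if body[3:5] != SSLV2_VERSION:
        return None
    cert_len, cipher_len, conn_len = struct.unpack(">HHH", body[5:11])
    rest = body[11:]
    if len(rest) < cert_len + cipher_len + conn_len:
        return None
    cert = rest[:cert_len]
    raw_ciphers = rest[cert_len:cert_len + cipher_len]
    connection_id = rest[cert_len + cipher_len:cert_len + cipher_len + conn_len]
    names = [SSLV2_CIPHERS.get(raw_ciphers[i:i + 3], "unknown")
             for i in range(0, len(raw_ciphers), 3)]
    return {
        "session_hit": body[1],
        "cert_type": body[2],
        "cert": cert,
        "ciphers": names,
        "connection_id": connection_id,
        # Any SSLv2 answer is a finding; the 40-bit export kinds are what the
        # general (non-OpenSSL-bug) DROWN attack brute-forces.
        "export_ciphers": any("EXPORT40" in n for n in names),
    }


def probe(host, port=443, timeout=5.0):
    """Send one SSLv2 CLIENT-HELLO to host:port and report what came back."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:
            while True:
                chunk = s.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
                if unwrap_record(b"".join(chunks)) is not None:
                    break                    # one full SSLv2 record received
        except socket.timeout:
            pass
    hello = parse_server_hello(b"".join(chunks))
    if hello is None:
        return {"sslv2": False}
    return {"sslv2": True, "ciphers": hello["ciphers"],
            "export_ciphers": hello["export_ciphers"]}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(target, port))
```

Run it against each port that terminates TLS (443, and the implicit-TLS mail ports 465, 993 and 995) on every host that holds a copy of the certificate; a result of `{"sslv2": False}` on the web server says nothing about the mail server. Servers that use STARTTLS on ports 25, 110 and 143 need the protocol-specific STARTTLS exchange first, which this probe does not do. Once a host answers, the fix is in that service’s own protocol setting (for example `SSLProtocol all -SSLv2 -SSLv3` in Apache, `ssl_protocols` without SSLv2 in nginx, and `smtpd_tls_protocols = !SSLv2, !SSLv3` in Postfix), followed by rerunning the probe to confirm.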
It’s not the first time that out-of-date technology has caused security issues; the FREAK flaw of 2015, which abused leftover export-grade RSA cipher suites that servers still accepted, was similar. There’s some hope that incidents like this will provoke a more proactive approach to removing obsolete cryptography in the future, rather than leaving it enabled on the assumption that nobody uses it.