DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a serious vulnerability that affects HTTPS and other services that depend on the SSL and TLS protocols.
DROWN, identified as CVE-2016-0800, allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets and financial information. DROWN lets an attacker decrypt TLS connections by exploiting a server that supports SSLv2 and its export-grade cipher suites: the intercepted TLS connections are broken by sending specially crafted connections to an SSLv2 server that uses the same private key.
According to current measurements, 33% of all HTTPS servers are vulnerable to this new attack. DROWN is worse if the server also has two additional OpenSSL vulnerabilities: CVE-2015-3197, which affects OpenSSL versions before 1.0.2f and 1.0.1r, and CVE-2016-0703, which affects OpenSSL versions before 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These two vulnerabilities significantly reduce the time and cost of carrying out the DROWN attack. Since the discovery, the researchers have been able to execute the attack in less than a minute using a single computer. Even for servers that do not have these particular bugs, a general variant of the attack, which works against any SSLv2 server, can be performed in less than 8 hours. There are currently about 11.5 million vulnerable websites, and the administrators of these servers must take immediate action. Clients (end users) cannot and need not do anything. Modern servers use the TLS encryption protocol, but due to misconfiguration many servers still support SSLv2, a protocol from 1995 that current clients no longer use.
Although SSLv2 is known to be very insecure, until now this was not treated as a security problem, because clients never use it. DROWN shows that merely supporting SSLv2 is a threat to both clients and servers, because it allows an attacker to decrypt TLS connections by sending probes through the SSLv2 protocol to a server that uses the same private key.
In technical terms, the DROWN attack is a cross-protocol variant of the Bleichenbacher padding oracle attack: it can intercept and decrypt TLS connections by using a server that speaks SSLv2 with the same private key. This type of attack uses bugs in the implementation of one protocol (SSLv2 in this case) to attack the security of connections made under a totally different protocol (TLS). More specifically, DROWN is based on the observation that both SSLv2 and TLS support RSA key exchange; while TLS protects against certain well-known attacks on it, the SSLv2 export suites do not.
To protect against DROWN, server administrators must ensure that their private keys are not reused on any other server that allows SSLv2 connections. This includes web servers, SMTP servers, IMAP and POP servers and any other software that supports SSL/TLS. An online checker can be used to test whether a server appears to be exposed to the attack. Disabling SSLv2 can be complicated and depends on the specific server software.
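The check described above, as an added example that is not part of the original article: it builds an SSLv2 CLIENT-HELLO, parses a SERVER-HELLO, and reports whether the server speaks SSLv2 at all (enough for the general attack) and whether it offers the export-grade suites (enough for the fast variant). The `sample_server_hello` bytes are constructed for offline use, not a real capture, and `probe` is a hypothetical helper for testing servers you administer.

```python
import socket
import struct

# SSLv2 cipher-kind codes from the SSL 2.0 spec; the two EXPORT40 kinds are the
# weakened "export" suites that make the fast variant of DROWN possible.
SSLV2_CIPHERS = {
    0x010080: "RC4_128_WITH_MD5", 0x020080: "RC4_128_EXPORT40_WITH_MD5",
    0x030080: "RC2_128_CBC_WITH_MD5", 0x040080: "RC2_128_CBC_EXPORT40_WITH_MD5",
    0x050080: "IDEA_128_CBC_WITH_MD5", 0x060040: "DES_64_CBC_WITH_MD5",
    0x0700C0: "DES_192_EDE3_CBC_WITH_MD5",
}
EXPORT_CIPHERS = {0x020080, 0x040080}

def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """SSLv2 CLIENT-HELLO offering every cipher kind, inside a 2-byte SSLv2 record header."""
    specs = b"".join(code.to_bytes(3, "big") for code in SSLV2_CIPHERS)
    body = struct.pack(">BHHHH", 0x01, 0x0002, len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_server_hello(record: bytes) -> dict:
    """Parse an SSLv2 SERVER-HELLO; returns {} if the reply is anything else."""
    if len(record) < 2 or not record[0] & 0x80:          # SSLv2 2-byte header has the MSB set
        return {}
    body = record[2:2 + (((record[0] & 0x7F) << 8) | record[1])]
    if len(body) < 11 or body[0] != 0x04:                # 0x04 = SERVER-HELLO message type
        return {}
    _, _hit, _ctype, version, cert_len, specs_len, _conn_len = struct.unpack(">BBBHHHH", body[:11])
    raw = body[11 + cert_len:11 + cert_len + specs_len]  # cipher kinds follow the certificate
    return {"version": version, "certificate": body[11:11 + cert_len],
            "ciphers": [int.from_bytes(raw[i:i + 3], "big") for i in range(0, len(raw) - 2, 3)]}

def assess(hello: dict) -> dict:
    """Any SSLv2 support enables the general attack; export suites enable the fast one."""
    export = [SSLV2_CIPHERS[c] for c in hello.get("ciphers", []) if c in EXPORT_CIPHERS]
    return {"sslv2": bool(hello), "export_suites": export, "drown_exposed": bool(hello)}

def sample_server_hello() -> bytes:
    """Constructed SERVER-HELLO (not a real capture): placeholder cert, three cipher kinds."""
    cert, specs, conn = b"CERT", b"\x01\x00\x80\x02\x00\x80\x04\x00\x80", b"\x11" * 16
    body = struct.pack(">BBBHHHH", 0x04, 0, 1, 0x0002, len(cert), len(specs), len(conn))
    return struct.pack(">H", 0x8000 | len(body + cert + specs + conn)) + body + cert + specs + conn

def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Hypothetical helper: send the hello to a server you administer and assess its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return assess(parse_server_hello(sock.recv(4096)))
```

Run `probe` against every service sharing a certificate (HTTPS, SMTP, IMAP, POP), since a single SSLv2-enabled port with the same key is enough to expose all of them.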
OpenSSL: The easiest and recommended solution is to upgrade to a newer version of OpenSSL. OpenSSL 1.0.2 should be updated to 1.0.2g and OpenSSL 1.0.1 should be upgraded to 1.0.1s. Older versions should be upgraded to one of these releases. OpenSSL has released an update that disables SSLv2 by default and removes support for the SSLv2 EXPORT suites, in line with RFC 6176.
OpenSSL has already been patched, and others such as Canonical, Red Hat and SUSE will publish updates in the coming hours. Fedora is not vulnerable because SSLv2 has been disabled there since 2014. OpenSSL has released versions 1.0.2g and 1.0.1s.
Microsoft IIS (Windows Server): In IIS 7.0 and later, SSLv2 is disabled by default; if it has been enabled manually, it should be disabled. Earlier versions are no longer supported by Microsoft and should be updated.
Network Security Services (NSS): NSS is a cryptographic library built into many server products. Since NSS 3.13 (2012), SSLv2 is disabled by default. Those who have enabled it manually should disable it, and users of earlier versions should update. It is also recommended to check whether the private key is exposed through another type of server.
The DROWN researchers have published the paper (PDF) "DROWN: Breaking TLS using SSLv2", which includes all the technical details of the vulnerability, together with a FAQ answering the most common questions. Matthew Green, a professor at Johns Hopkins University, published a post explaining how DROWN works, as did Ivan Ristic, Director of SSL Labs.