ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    DROWN Vulnerability

    IT Discussion
    ssl tls vulnerability
    3
    3
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stacksofplatesS
      stacksofplates
      last edited by stacksofplates

      Just got this email from Red Hat

      Red Hat Product Security has been made aware of a vulnerability in the SSLv2 protocol, which has been assigned CVE-2016-0800 and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. All implementations of SSLv2 are affected.

      DROWN is a new cross-protocol attack that can be used to passively decrypt collected TLS sessions from up-to-date clients by using a server which supports SSLv2. This issue overall is rated IMPORTANT by the Red Hat Product Security Team.

      Determine if you are impacted and view the resolution in this Red Hat Customer Portal Vulnerability Response.

      If you have questions or concerns, please contact Red Hat Technical Support.

      Here's the link

      https://access.redhat.com/security/vulnerabilities/drown

      1 Reply Last reply Reply Quote 2
      • travisdh1T
        travisdh1
        last edited by

        SSLv2 shouldn't be running in the first place anymore. Ref: SSL Labs Documentation

        1 Reply Last reply Reply Quote 1
        • aaron-closed accountA
          aaron-closed account Banned
          last edited by

          This post is deleted!
          1 Reply Last reply Reply Quote 2
          • 1 / 1
          • First post
            Last post