Advisory: DROWN vulnerability

Created:  02 Mar 2016
Updated:  02 Mar 2016

Originally published by CERT-UK (now a part of the National Cyber Security Centre)

Executive summary

A newly discovered OpenSSL security vulnerability, dubbed DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), enables a 20-year-old and long-deprecated security protocol, Secure Sockets Layer (SSLv2), to be used to attack modern websites.

An attack exploiting this could decrypt secure HTTPS communications, which are used to protect sensitive data in transit between your browser and the server. It is estimated that at least one-third of all websites could be vulnerable; although this is a high number, it is significantly lower than was seen with Heartbleed.

A patch is available (details below), but now that the vulnerability has been made public, it is likely that malicious actors will try to exploit it.

What is it?

DROWN is a new vulnerability in OpenSSL that affects servers using SSLv2. An attack could decrypt secure HTTPS communications, which are used to protect data such as passwords or credit card numbers in transit between your browser and the server. It allows attackers to decrypt HTTPS by sending specially crafted packets to a server, or to another server on which the same certificate is shared, effectively performing a man-in-the-middle attack.

The vulnerability was revealed as part of an OpenSSL update and, as such, a patch is already available. Although SSLv2 dates back to the 1990s, it is frequently enabled by accident or automatically when setting up a new server, which is why DROWN can still be a major issue today.

According to the DROWN website, under specific circumstances the attack can take a short period of time (to be successful, it needs a privileged level of access to network traffic). It is likely that malicious actors will look to exploit this vulnerability now that it has been disclosed.

What is affected?

According to the researchers who found the flaw, this vulnerability could affect a third of all websites, estimated to be as many as 11.5 million servers – this number is significantly less than we saw with Heartbleed, but clearly still sizeable.

Some of Alexa’s leading websites are vulnerable to DROWN-based man-in-the-middle attacks, including websites of high profile multinational companies.

Obsolete services known to still be in use are vulnerable and open to attack. These include Microsoft Internet Information Services (IIS) version 7 and editions of Network Security Services (NSS), a common cryptographic library built into many server products, prior to 2012’s 3.13 version.

How easy is it to fix?

OpenSSL 1.0.2 users should upgrade to 1.0.2g. OpenSSL 1.0.1 users should upgrade to 1.0.1s. Users of other versions should move to 1.0.2g or 1.0.1s.

The OpenSSL patches are available as source code. In addition, other firms – including Canonical, Red Hat, and SUSE Linux – will all be delivering the patches shortly.

What can be done?

You can find out if your site is vulnerable using the DROWN attack test site. Please note that, as stated on the website, this checker uses data collected during February 2016 and is not regularly updated. Recently patched servers may therefore continue to show as being vulnerable even if they are not.

Aside from patching, to defend against the attack, you should ensure SSLv2 is disabled, or make sure that the private key is not shared across any other servers. Those vulnerable do not need to re-issue certificates, but should take action to prevent the attack immediately.
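
The two checks described above (fixed OpenSSL release, and SSLv2 or key sharing), as an added Python example that is not part of the original advisory or of OpenSSL. The inventory fields (`endpoint`, `sslv2`, `key_fp`), host names and fingerprints are constructed for illustration; the version check follows the advisory's guidance as written in March 2016.

```python
import re
from collections import defaultdict

# Fixed releases named in the advisory, keyed by OpenSSL branch.
FIXED = {"1.0.2": "g", "1.0.1": "s"}

def openssl_needs_upgrade(version):
    """Return True unless `version` is at or past the fixed release of its branch."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+)([a-z]*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    branch, letter = m.groups()
    fixed = FIXED.get(branch)
    if fixed is None:
        # Advisory: users of other versions should move to 1.0.2g or 1.0.1s.
        return True
    # Patch letters run a..z, then za, zb, ...: order by length, then text.
    return (len(letter), letter) < (len(fixed), fixed)

def exposed_keys(inventory):
    """Map each key served by any SSLv2-enabled endpoint to all endpoints using it."""
    by_key = defaultdict(list)
    for entry in inventory:
        by_key[entry["key_fp"]].append(entry)
    return {
        fp: sorted(e["endpoint"] for e in group)
        for fp, group in by_key.items()
        if any(e["sslv2"] for e in group)
    }

# Constructed sample inventory (host names and fingerprints are placeholders).
INVENTORY = [
    {"endpoint": "www.example.test:443", "sslv2": False, "key_fp": "fp-A"},
    {"endpoint": "mail.example.test:25", "sslv2": True, "key_fp": "fp-A"},
    {"endpoint": "intranet.example.test:443", "sslv2": False, "key_fp": "fp-B"},
]

if __name__ == "__main__":
    for v in ("1.0.2f", "1.0.2g", "1.0.1r", "1.0.1s", "0.9.8zh"):
        print(v, "upgrade needed" if openssl_needs_upgrade(v) else "fixed release or later")
    for fp, endpoints in exposed_keys(INVENTORY).items():
        print(f"key {fp} is shared with an SSLv2-enabled server: {endpoints}")
```

Distribution packages may carry the fix under an older upstream version string, so treat an "upgrade needed" result as a prompt to check the vendor's own advisory.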
