DROWNing HTTPS
The DROWN (CVE-2016-0800) vulnerability identifies a server that is open to a non-trivial attack that relies on SSLv2 support, to which at least a third of all internet servers were vulnerable as of March 2016. Attackers will take advantage of SSLv2 supported by an application using the same keys as are used to salt or help randomize TLS (the more recent protocol versions). By initiating tens of thousands of SSLv2 messages, they are able to glean the keys used in more robust and current versions of TLS, and thus break the higher-grade encryption with stolen private keys. Once thought to be impractical based on the sheer number of messages believed to be needed; they also call this the million message attack; it is now known to be achievable through commercially available resources in hours using tens of thousands of messages.
Detecting DROWN vulnerabilities is as simple as seeing if SSLv2 is supported on the target server or any other servers sharing the same keys. Another tool that can be used to identify the vulnerability is located on the http://test.drownattack.com website.
No comments:
Post a Comment