Drown Attack
Full Form:
“Decrypting RSA with Obsolete and Weakened eNcryption”
What is Drown Attack?
Drown Attack is newly discovered vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security.
These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.
More technical details and a list of the top vulnerable websites are available on the DROWN Attackwebsite.
How To Check Drown Attack?
Visit: https://test.drownattack.com/ to verify web site vulnerable or not.
Mitigation Process:
There are certain ways to patch it.
- OpenSSL 1.0.2 users are strongly advised to upgrade to OpenSSL 1.0.2g
- OpenSSL 1.0.1 users are recommended to upgrade to OpenSSL 1.0.1s.
- If any other version of OpenSSL for security is used, move them up to the newer versions 1.0.2g or 1.0.1s.
In order to protect against the DROWN attack, it is recommended to ensure SSLv2 is disabled
For More Info Visit: https://drownattack.com/
Your Good comments Encourages me to keep posting Nice Articles so keep Commenting & Sharing