What is Drown Attack | blog-windows Blog

Drown Attack



Full Form:

“Decrypting RSA with Obsolete and Weakened eNcryption”

What is Drown Attack?

Drown Attack is newly discovered vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security.
These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

More technical details and a list of the top vulnerable websites are available on the DROWN Attackwebsite.

How To Check Drown Attack?

Visit: https://test.drownattack.com/ to verify web site vulnerable or not.

Mitigation Process:

There are certain ways to patch it.

  • OpenSSL 1.0.2 users are strongly advised to upgrade to OpenSSL 1.0.2g
  • OpenSSL 1.0.1 users are recommended to upgrade to OpenSSL 1.0.1s.
  • If any other version of OpenSSL for security is used, move them up to the newer versions 1.0.2g or 1.0.1s.


In order to protect against the DROWN attack, it is recommended to ensure SSLv2 is disabled


For More Info Visit: https://drownattack.com/
Your Good comments Encourages me to keep posting Nice Articles so keep Commenting & Sharing

Sign up here with your email address to receive updates from this blog in your inbox.