Drown Attack
Full Form: “Decrypting RSA with Obsolete and Weakened eNcryption”
What is Drown Attack?
The DROWN attack is a newly discovered vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security.
These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third parties being able to read the communication.
More technical details and a list of the top vulnerable websites are available on the DROWN Attack website.
How To Check Drown Attack?
Visit https://test.drownattack.com/ to verify whether a website is vulnerable.
Mitigation Process:
There are certain ways to patch it.
- OpenSSL 1.0.2 users are strongly advised to upgrade to OpenSSL 1.0.2g
- OpenSSL 1.0.1 users are recommended to upgrade to OpenSSL 1.0.1s.
- If any other version of OpenSSL is in use, move to one of the newer versions, 1.0.2g or 1.0.1s.
To protect against the DROWN attack, it is recommended to ensure that SSLv2 is disabled.
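The upgrade rules in the list above can be applied to an inventory of `openssl version` outputs. The following is an added example, not code from the DROWN site or from OpenSSL; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed release per branch, taken from the mitigation list above.
FIXED = {(1, 0, 1): "s", (1, 0, 2): "g"}

# Matches "OpenSSL 1.0.2f  28 Jan 2016", "1.0.1e-fips", "1.0.2za", ...
_VERSION = re.compile(r"\s*(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, fix), patch_letters) from `openssl version` output."""
    m = _VERSION.match(text)
    if m is None:
        raise ValueError(f"not an OpenSSL version string: {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4)


def drown_status(text):
    """Classify one version string against the releases named in the article."""
    branch, letters = parse_version(text)
    if branch in FIXED:
        fixed = FIXED[branch]
        # Patch letters run "", a..z, then za, zb, ...; string order matches release order.
        if letters >= fixed:
            return "ok"
        return "upgrade to %d.%d.%d%s" % (*branch, fixed)
    if branch < (1, 0, 1):
        return "upgrade to 1.0.2g or 1.0.1s"
    # Branches newer than 1.0.2 are outside the article's list.
    return "not covered by this article; confirm SSLv2 is disabled"


def audit(inventory):
    """Map each host label to its status."""
    return {host: drown_status(version) for host, version in inventory.items()}


# Constructed sample inventory: host label -> `openssl version` output.
SAMPLE = {
    "web-01": "OpenSSL 1.0.2f  28 Jan 2016",
    "web-02": "OpenSSL 1.0.2g  1 Mar 2016",
    "mail-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "legacy": "OpenSSL 0.9.8zh 3 Dec 2015",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

Distribution packages often backport fixes without changing the upstream version letter, so an "upgrade" result should be checked against the vendor's advisory before it is treated as final.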
For More Info Visit: https://drownattack.com/