The news that millions of OpenSSL secured websites that are now at risk due to the new DROWN attack, Security experts from Rapid7 and Black Duck have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tod Beardsley, Security Engineering Manager, at Rapid7 :
The work behind today’s DROWN attack announcement represents the very best of open, collaborative, international security research. Academics and professionals actively probing the edges of practical cryptanalysis is the open source security promise.
In the case of DROWN, the attacker does have to be in a privileged position on the network in order to eavesdrop on a TLS session, and also needs to have already conducted some reconnaissance on the server-side infrastructure, but this is the nature of padding oracle attacks. While it’s not Heartbleed, DROWN techniques do demonstrate the weaknesses inherent in legacy cryptography standards.
I’m looking forward to the release of exploit code so that system administrators can demonstrate for themselves the practical effects of DROWN. In the meantime, sysadmins should ensure that all their cryptographic services have truly disabled the old and deeply flawed SSLv2 protocol, and consider the cost and effort associated with providing unique private keys for their individual servers.[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Randy Kilmon, Vp Engineering at Black Duck:
“The DROWN vulnerability, which international researchers warned Tuesday could impact 11 million websites, is the latest on a very long list of security holes associated with the SSL2.0 protocol. SSL is NOT an encryption format, rather, it’s a protocol for negotiating the type of encryption used to establish a secure connection over the network. Through this process, client and server will “agree” to a mutually supportable encryption cypher.
SSL2 is fundamentally insecure in that it does the “handshake” over an unencrypted connection and without authentication. A “man in the middle” can force “agreement” to a very weak cypher rather than a very strong one. This flaw was initially reported in 1996 and was subsequently fixed in SSLv3. No modern browsers support SSLv2 by default.
Users can avoid DROWN by disabling the SSLv2 protocol in all their SSL/TLS servers (if they’ve not done so already). Disabling all SSLv2 ciphers is also sufficient if the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed.
Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers.”[/su_note]