CVSS2 | 4.3 Medium |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |

CVSS3 | 5.9 Medium |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS | 0.952 High |
---|---|
Percentile | 99.4% |
Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. This is known as the “DROWN” attack in the media.
According to the researchers, “DROWN” is a new form of cross-protocol Bleichenbacher padding oracle attack. An attacker using “DROWN” may obtain the session key from a vulnerable server supporting SSLv2 and use it to decrypt any traffic encrypted using the shared certificate. In the researchers’ words, “it allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key.”
The SSLv2 protocol is the only protocol directly impacted; however, the researchers’ website states that many servers share a certificate between SSLv2 and the newer TLS protocols. If so, TLS connections that use the shared certificate can be decrypted via the SSLv2 side as well. Approximately 1000 SSL handshakes must be intercepted for the attack to be effective.
The researchers have also released a DROWN attack check tool and an FAQ that provides more complete information.
A remote attacker may be able to decrypt individual messages/sessions of a server supporting SSLv2. Servers using TLS protocol with the same shared certificate as is used for SSLv2 may also be vulnerable. According to the DROWN FAQ, the server private key is not obtained from this attack.
Disable SSLv2
Network administrators should disable SSLv2 support. The researchers have provided more information on how to disable SSLv2 for various server products.
SSLv2 has been deprecated since 2011.
Do not reuse SSL certificates or key material
This issue can be mitigated on TLS connections by using unique SSL keys and certificates. If possible, do not reuse key material or certificates between SSLv2 and TLS support, or across multiple servers.
Monitor network and use firewall rules
We recommend enabling firewall rules to block SSLv2 traffic. Since the attack requires approximately 1000 SSL handshakes, network administrators may also monitor logs for repeated connection attempts. However, the handshake data may also be obtained via man-in-the-middle or other attacks, not solely from direct connections.
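As an added example (not part of the CERT note), the following Python script implements the log check described above: it counts SSLv2 ClientHello attempts per source address over a sliding window and raises one alert per source that crosses a threshold, and separately totals every SSLv2 attempt per source. The log line layout, field names and addresses are constructed for the example and are not any product's real format; `make_sample_log` generates that constructed input.

```python
"""Sliding-window detection of repeated SSLv2 handshake attempts.

Added example, not from the CERT note. Each log line is assumed to record
one ClientHello seen by a TLS front-end or IDS; the layout, field names
and addresses are constructed for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) event=(?P<event>\w+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line: str):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["dport"] = int(rec["dport"])
    return rec


def detect_sslv2_bursts(lines, threshold=100, window=timedelta(minutes=10)):
    """Alert once per source that sends `threshold` SSLv2 hellos within `window`."""
    recent = defaultdict(deque)   # src -> timestamps of SSLv2 hellos still in the window
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "sslv2" or rec["event"] != "client_hello":
            continue
        q = recent[rec["src"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # drop hellos older than the window
            q.popleft()
        if len(q) >= threshold and rec["src"] not in alerts:
            alerts[rec["src"]] = {"first_seen": q[0], "triggered_at": rec["ts"],
                                  "count_in_window": len(q)}
    return alerts


def sslv2_totals(lines):
    """Total SSLv2 hellos per source: on a server with SSLv2 off, every one is a finding."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["proto"] == "sslv2" and rec["event"] == "client_hello":
            totals[rec["src"]] += 1
    return dict(totals)


def make_sample_log():
    """Constructed input: one source hammering SSLv2, normal TLS traffic, one lone probe."""
    base = datetime(2016, 3, 1, 10, 0, 0)
    lines = []
    for i in range(120):      # 120 SSLv2 hellos from one source, one every 2 s
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t:{TS_FMT}} src=203.0.113.5 dst=192.0.2.10:443 proto=sslv2 event=client_hello")
    for i in range(30):       # ordinary TLS 1.2 clients
        t = base + timedelta(seconds=10 * i)
        lines.append(f"{t:{TS_FMT}} src=198.51.100.20 dst=192.0.2.10:443 proto=tls1_2 event=client_hello")
    t = base + timedelta(minutes=3)   # a single probe, e.g. an internal scanner
    lines.append(f"{t:{TS_FMT}} src=198.51.100.7 dst=192.0.2.10:443 proto=sslv2 event=client_hello")
    return sorted(lines)    # ISO timestamps sort chronologically as strings


if __name__ == "__main__":
    log = make_sample_log()
    for src, info in detect_sslv2_bursts(log).items():
        print(f"ALERT {src}: {info['count_in_window']} SSLv2 hellos since {info['first_seen']:{TS_FMT}}")
    print("SSLv2 hellos per source:", sslv2_totals(log))
```

The threshold is deliberately a parameter: the note's figure of roughly 1000 handshakes is the scale of the attack, but on a server where SSLv2 is supposed to be disabled even a handful of SSLv2 hellos from one source is worth a look, which is why the per-source totals are returned as well. As the note says, handshakes may also be collected through man-in-the-middle rather than direct connections, so this check complements disabling SSLv2 rather than replacing it.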
On Linux, nginx may or may not be affected depending on what version of OpenSSL nginx was compiled with. See the vendor list below or contact your vendor to determine if your release of nginx is affected.
Vendor Information for VU#583776
Updated: March 14, 2016
Statement Date: March 10, 2016
Affected
“Our version comes with a preferred cipher list which has mitigated SSLv2 issues since March 2015; our latest version 1.9.13.1 was released on 2 March 2016 with OpenSSL 1.0.2g, which has the additional fix(es) for VU#583776.”
ECSystems.nl supports NGINX for Windows
Updated: March 02, 2016
Affected
We have not received a statement from the vendor.
OpenSSL 1.0.2g and 1.0.1s have been released to address this vulnerability. Please see OpenSSL’s security advisory at the URL below.
A third-party tool, testssl.sh (<http://testssl.sh/>), is available to check for security issues, including this one.
Another option for network administrators to determine if a server supports SSLv2 is to use the following command:
openssl s_client -connect host:443 -ssl2
If certificate information is returned, then SSLv2 is supported. It has been reported that this command may not work on Ubuntu or Debian systems.
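The `openssl s_client -ssl2` check above depends on an OpenSSL build that still contains SSLv2, which is why it fails on Ubuntu and Debian. As an added example, not part of the CERT note or of the testssl.sh project, the following Python script performs the same test on its own: it sends one SSLv2 ClientHello offering every SSLv2 cipher kind and reports whether the server answers with an SSLv2 ServerHello, which is the SSLv2 equivalent of "certificate information is returned". The record layout and cipher-kind values are those of the SSLv2 specification; the sample ServerHello bytes are constructed for the offline demonstration, and `supports_sslv2` is the hypothetical name of the network helper.

```python
"""Offline-testable SSLv2 support check (added example, not from the CERT note).

Builds the SSLv2 ClientHello that `openssl s_client -ssl2` would send and
parses the SSLv2 ServerHello that a still-vulnerable server answers with.
Only the first handshake message is exchanged; nothing is decrypted.
"""
import socket
import struct
from typing import Optional

# SSLv2 cipher-kind identifiers (3 bytes each), as listed in the SSLv2 draft.
SSLV2_CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04
SSLV2_VERSION = 0x0002


def record_length(data: bytes) -> Optional[int]:
    """Length field of a 2-byte SSLv2 record header (high bit set), else None."""
    if len(data) < 2 or not data[0] & 0x80:
        return None
    return ((data[0] & 0x7F) << 8) | data[1]


def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """SSLv2 record carrying a ClientHello that offers every SSLv2 cipher kind."""
    cipher_specs = b"".join(SSLV2_CIPHER_KINDS)
    body = struct.pack(">BHHHH", MSG_CLIENT_HELLO, SSLV2_VERSION,
                       len(cipher_specs), 0, len(challenge))  # 0 = no session id
    body += cipher_specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(data: bytes) -> Optional[dict]:
    """Return the fields of an SSLv2 ServerHello, or None if `data` is not one.

    A TLS alert (0x15 ...) or an empty reply both yield None, which is the
    healthy answer: the server refused to speak SSLv2.
    """
    length = record_length(data)
    if length is None:
        return None
    body = data[2:2 + length]
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return None
    (_, session_id_hit, cert_type, version,
     cert_len, cipher_len, _conn_id_len) = struct.unpack(">BBBHHHH", body[:11])
    specs = body[11 + cert_len:11 + cert_len + cipher_len]   # cipher kinds follow the cert
    kinds = [SSLV2_CIPHER_KINDS.get(specs[i:i + 3], specs[i:i + 3].hex())
             for i in range(0, len(specs) - len(specs) % 3, 3)]
    return {"version": version, "session_id_hit": session_id_hit,
            "cert_type": cert_type, "cert_len": cert_len, "cipher_kinds": kinds}


def supports_sslv2(host: str, port: int = 443, timeout: float = 5.0) -> Optional[dict]:
    """Hypothetical helper: send one ClientHello and parse whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        data = b""
        try:
            while True:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
                need = record_length(data)
                if need is None or len(data) >= 2 + need:   # not SSLv2, or record complete
                    break
        except socket.timeout:
            pass
    return parse_server_hello(data)


# Constructed sample answer from a server that still speaks SSLv2: ServerHello,
# no session hit, X.509 cert type, version 2, a 2-byte stand-in for the
# certificate, two cipher kinds, 16-byte connection id.
SAMPLE_CERT = b"\x30\x82"          # stand-in only; a real certificate is a full DER blob
SAMPLE_SPECS = b"\x01\x00\x80\x07\x00\xc0"
SAMPLE_CONN_ID = b"\xaa" * 16
_body = (struct.pack(">BBBHHHH", MSG_SERVER_HELLO, 0, 1, SSLV2_VERSION,
                     len(SAMPLE_CERT), len(SAMPLE_SPECS), len(SAMPLE_CONN_ID))
         + SAMPLE_CERT + SAMPLE_SPECS + SAMPLE_CONN_ID)
SAMPLE_SERVER_HELLO = struct.pack(">H", 0x8000 | len(_body)) + _body

if __name__ == "__main__":
    print(parse_server_hello(SAMPLE_SERVER_HELLO))
```

Run `supports_sslv2("your.host.example")` against your own servers: a dict means the server still negotiates SSLv2 and should be fixed per the "Disable SSLv2" section above; None means it declined, which is the expected result after SSLv2 is turned off. The cipher kinds the server echoes back are useful evidence for the change ticket, since export-grade kinds are exactly what the attack benefits from.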
Updated: March 01, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 14, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 14, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 01, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 01, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 01, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 14, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 14, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 14, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 14, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
nginx may or may not be affected depending on what version of OpenSSL it was compiled with. Contact your vendor to determine if your release of nginx is affected.
Updated: March 14, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 7.1 | AV:N/AC:H/Au:N/C:C/I:C/A:N |
Temporal | 6.1 | E:POC/RL:W/RC:C |
Environmental | 6.5 | CDP:ND/TD:H/CR:H/IR:H/AR:ND |
Thanks to Nimrod Aviram for reporting this vulnerability.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2016-0800 |
---|---|
Date Public: | 2016-03-01 |
Date First Published: | |