0.952 High
EPSS
Percentile
99.4%
Hi,
I want to report a drown attack in *.owncloud.com.
A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and
non-vulnerable servers can be decrypted provided another server supporting
SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or
POP) shares the RSA keys of the non-vulnerable server. This vulnerability is
known as DROWN (CVE-2016-0800).
You can check here: https://test.drownattack.com/?site=owncloud.com
0.952 High
EPSS
Percentile
99.4%