Vulnerability Note VU#583776
Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack
Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. This is known as the "DROWN" attack in the media.
According to the researcher, "DROWN is a new form of cross-protocol Bleichenbacher padding oracle attack. It allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key." An attacker using DROWN uses the SSLv2 server as a padding oracle for the RSA key exchange of an intercepted TLS connection, recovers that connection's session key, and can then decrypt that connection.
A remote attacker may be able to decrypt individual messages or sessions of a server supporting SSLv2. TLS servers that do not support SSLv2 themselves but share an RSA private key (for example, the same certificate) with an SSLv2-capable server, even one running on a different port or host, are also affected. According to the DROWN FAQ, the server's private key is not obtained by this attack.
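The vulnerability note contains no code. The script below is an added example, not part of the CERT note or of the DROWN researchers' tooling: it sends a raw SSLv2 CLIENT-HELLO and parses the reply to decide whether a server still speaks SSLv2, which is the precondition for the attack described above, and lists which SSLv2 cipher specs the server offers. The record and message layout follows the SSLv2 protocol draft; the SERVER-HELLO sample is constructed here for offline testing (the certificate bytes are placeholders, not a real DER certificate), and the host argument and helper names are assumptions of the example.

```python
import socket
import struct

# SSLv2 CIPHER-SPEC values (3 bytes each) from the SSLv2 protocol draft.
SSLV2_CIPHER_SPECS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
# The 40-bit export ciphers; the general DROWN attack relies on the server accepting these.
EXPORT_SPECS = {b"\x02\x00\x80", b"\x04\x00\x80"}

MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04
SSLV2_VERSION = 0x0002


def sslv2_record(payload):
    """Wrap a handshake message in a 2-byte SSLv2 record header (high bit set, no padding)."""
    if len(payload) >= 0x8000:
        raise ValueError("payload too large for a 2-byte SSLv2 record header")
    return struct.pack("!H", 0x8000 | len(payload)) + payload


def build_client_hello(challenge=b"\x00" * 16):
    """Build an SSLv2 CLIENT-HELLO that offers every SSLv2 cipher spec."""
    specs = b"".join(SSLV2_CIPHER_SPECS)
    body = (
        bytes([MSG_CLIENT_HELLO])
        + struct.pack("!H", SSLV2_VERSION)
        + struct.pack("!HHH", len(specs), 0, len(challenge))  # cipher-spec, session-id, challenge lengths
        + specs
        + challenge
    )
    return sslv2_record(body)


def parse_server_hello(data):
    """Return details of an SSLv2 SERVER-HELLO, or None if the reply is not one (TLS alert, EOF, garbage)."""
    if len(data) < 3:
        return None
    if data[0] & 0x80:                                   # 2-byte header
        length, body = ((data[0] & 0x7F) << 8) | data[1], data[2:]
    else:                                                # 3-byte header; third byte is the padding length
        length, body = ((data[0] & 0x3F) << 8) | data[1], data[3:]
    body = body[:length]
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return None
    # body[1] is SESSION-ID-HIT, body[2] is CERTIFICATE-TYPE; both are ignored here.
    version, cert_len, specs_len, _conn_id_len = struct.unpack("!HHHH", body[3:11])
    if version != SSLV2_VERSION:
        return None
    cert = body[11:11 + cert_len]
    specs_raw = body[11 + cert_len:11 + cert_len + specs_len]
    specs = [specs_raw[i:i + 3] for i in range(0, len(specs_raw) - len(specs_raw) % 3, 3)]
    return {
        "cipher_specs": [SSLV2_CIPHER_SPECS.get(s, s.hex()) for s in specs],
        "export_ciphers": [SSLV2_CIPHER_SPECS[s] for s in specs if s in EXPORT_SPECS],
        "certificate_der": cert,
    }


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def check_sslv2(host, port=443, timeout=5.0):
    """Send a CLIENT-HELLO to host:port and parse the first record that comes back (None if not SSLv2)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            header = _recv_exact(sock, 2)
            if len(header) < 2:
                return None
            if header[0] & 0x80:
                remaining = ((header[0] & 0x7F) << 8) | header[1]
            else:
                remaining = (((header[0] & 0x3F) << 8) | header[1]) + 1  # data plus the padding-length byte
            data = header + _recv_exact(sock, remaining)
    except OSError:  # connection refused, reset, DNS failure or timeout all mean "no SSLv2 answer"
        return None
    return parse_server_hello(data)


def build_sample_server_hello(cert, specs, conn_id):
    """Constructed SERVER-HELLO used to exercise the parser offline; not a capture from a real server."""
    specs_raw = b"".join(specs)
    body = (
        bytes([MSG_SERVER_HELLO, 0x00, 0x01])            # msg type, SESSION-ID-HIT=0, CERTIFICATE-TYPE=X.509
        + struct.pack("!HHHH", SSLV2_VERSION, len(cert), len(specs_raw), len(conn_id))
        + cert + specs_raw + conn_id
    )
    return sslv2_record(body)


SAMPLE_SERVER_HELLO = build_sample_server_hello(
    cert=b"\x30\x01\x00",                                # placeholder bytes, not a real DER certificate
    specs=[b"\x01\x00\x80", b"\x02\x00\x80"],
    conn_id=b"\xaa\xbb\xcc\xdd",
)

if __name__ == "__main__":
    import sys
    result = check_sslv2(sys.argv[1]) if len(sys.argv) > 1 else parse_server_hello(SAMPLE_SERVER_HELLO)
    if result is None:
        print("no SSLv2 SERVER-HELLO received: SSLv2 appears to be disabled")
    else:
        print("SSLv2 supported; ciphers:", result["cipher_specs"], "export:", result["export_ciphers"])
```

Run with a host name to probe a live server on port 443; without arguments it parses the constructed sample. A `None` result means the server closed the connection, answered with a TLS alert or said nothing, i.e. it does not speak SSLv2 on that port. Remember that a clean result on one port is not sufficient: the note above says any other service (another port or host) using the same RSA key with SSLv2 enabled exposes this one, so every listener that holds the key has to be probed.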
Vendor Information
On Linux, nginx may or may not be affected depending on which version of OpenSSL it was compiled against, since nginx relies on OpenSSL for its SSL/TLS support. See the vendor list below or contact your vendor to determine whether your release of nginx is affected.
Vendor                | Status   | Date Notified | Date Updated
----------------------|----------|---------------|-------------
ECSystems.nl          | Affected | -             | 14 Mar 2016
OpenSSL               | Affected | -             | 02 Mar 2016
Apache-SSL            | Unknown  | -             | 01 Mar 2016
CentOS                | Unknown  | -             | 14 Mar 2016
Debian GNU/Linux      | Unknown  | -             | 14 Mar 2016
Microsoft Corporation | Unknown  | -             | 01 Mar 2016
Mozilla               | Unknown  | -             | 01 Mar 2016
nginx                 | Unknown  | -             | 14 Mar 2016
openSUSE project      | Unknown  | -             | 14 Mar 2016
Postfix               | Unknown  | -             | 01 Mar 2016
Red Hat, Inc.         | Unknown  | -             | 14 Mar 2016
SUSE Linux            | Unknown  | -             | 14 Mar 2016
Ubuntu                | Unknown  | -             | 14 Mar 2016
Thanks to Nimrod Aviram for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-0800
- Date Public: 01 Mar 2016
- Date First Published: 01 Mar 2016
- Date Last Updated: 14 Mar 2016
- Document Revision: 75
If you have feedback, comments, or additional information about this vulnerability, please send us email.