DROWN Vulnerability — More Like A Doggy Paddle

David Robinson

You may have heard of the new DROWN vulnerability as it’s been in the news a fair bit over the past couple of days.

We’re glad to say we’ve already checked our customers’ systems, but even if you’re not using Intruder’s continuous monitoring service yet, DROWN isn’t something to panic about.

If successfully exploited, the DROWN vulnerability can allow an attacker to decrypt encrypted network traffic between a client and server. It is, however, not easy to exploit and requires the following conditions in order to be exploitable:

As the attack is theoretically possible but difficult to carry out in practice, we do not expect to see widespread exploitation of DROWN. That said, all your servers should already be using TLS to secure communications instead of the long-deprecated SSL protocols.

For those interested, the technical details of the vulnerability can be found at https://drownattack.com/drown-attack-paper.pdf
