DROWN Vulnerability — More Like A Doggy Paddle

David Robinson

You may have heard of the new DROWN vulnerability as it’s been in the news a fair bit over the past couple of days.

We’re glad to say, we’ve already checked our customers’ systems, but, even if you’re not using Intruder’s continuous monitoring service yet, DROWN isn’t something to get in a panic about.

If successfully exploited, the DROWN vulnerability can allow an attacker to decrypt encrypted network traffic between a client and server. It is, however, not easy to exploit, and requires the following conditions in order to be exploitable:

As it’s a theoretically possible attack, but difficult to exploit in practice, we do not expect to see widespread exploitation of DROWN. That said, all your servers should already be using TLS to secure communications instead of the long-deprecated SSL protocols.
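One way to check that recommendation against your own web server configuration is sketched below. This is an added example, not part of the original post or of Intruder's tooling: it reads nginx `ssl_protocols` and Apache `SSLProtocol` lines and reports any that still leave an SSL protocol enabled. The function names and the sample configuration are constructed for illustration, and Apache's `all` is assumed to include SSL.

```python
import re

SSL_PROTOCOLS = {"sslv2", "sslv3"}            # deprecated SSL, as opposed to TLS
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.I)

def ssl_left_enabled(line):
    """Return the SSL (non-TLS) protocols one directive line leaves enabled."""
    m = DIRECTIVE.match(line)
    if not m:
        return set()
    tokens = m.group(2).split()
    if m.group(1).lower() == "ssl_protocols":
        # nginx: the directive is a plain list of enabled protocols.
        return {t.lower() for t in tokens} & SSL_PROTOCOLS
    # Apache mod_ssl: tokens apply left to right; "+" adds, "-" removes,
    # and a bare name replaces whatever was enabled so far.
    enabled = set()
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        # Assumption: "all" is treated as including SSL, the conservative
        # reading, since its real meaning depends on the Apache/OpenSSL build.
        group = {"sslv2", "sslv3", "tls"} if name == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled & SSL_PROTOCOLS

def audit(config_text):
    """Return (line_number, sorted_protocols) for each line that still enables SSL."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        found = ssl_left_enabled(line)
        if found:
            findings.append((number, sorted(found)))
    return findings

# Constructed sample input: directive lines from several hypothetical servers.
SAMPLE = """\
ssl_protocols SSLv2 SSLv3 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -all +TLSv1.2
# ssl_protocols SSLv3;
"""

if __name__ == "__main__":
    for number, protocols in audit(SAMPLE):
        print(f"line {number}: still enables {', '.join(protocols)}")
```

A clean result only covers the directives in the files you feed it; other services on the same host that speak SSL need their own check.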

For those interested, the technical details of the vulnerability can be found at https://drownattack.com/drown-attack-paper.pdf
