- A cross-protocol attack dubbed DROWN was discovered which, if exploited, can lead to the decryption of TLS sessions by using a server that supports SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
- Traffic between clients and a non-vulnerable server can be decrypted provided another server that supports SSLv2 and EXPORT ciphers (even one speaking a different protocol such as SMTP, IMAP or POP) shares the RSA key of the non-vulnerable server.
- Recovering one session key requires the attacker to perform approximately 2^50 computational operations, as well as thousands of connections to the SSLv2-capable server.
- Users can avoid this issue by disabling the SSLv2 protocol on all their SSL/TLS servers, if not already done.
- Disabling all SSLv2 ciphers is also sufficient, provided the patch for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) has been deployed.
- Servers that have not disabled the SSLv2 protocol and are not patched for CVE-2015-3197 remain vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because a malicious client can force the use of SSLv2 with EXPORT ciphers.
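The check a practitioner would run to confirm the mitigations above on their own servers, as an added example that is not part of this KBA and not SAP or SuccessFactors code: it sends a raw SSLv2 CLIENT-HELLO offering the EXPORT cipher specs DROWN relies on and classifies the reply, so it does not depend on `openssl s_client -ssl2`, which current OpenSSL builds no longer provide. The host and port are placeholders you supply on the command line; the SERVER-HELLO used to exercise the parser is constructed, not captured from any real server.

```python
"""Check whether a server still accepts SSLv2, the precondition for DROWN.

Added example, not part of the KBA or of SuccessFactors. It speaks the
SSLv2 handshake directly because current OpenSSL builds no longer offer
`openssl s_client -ssl2`.
"""
import socket
import struct
import sys

# SSLv2 message types and protocol version (SSL 2.0 draft specification).
SSL2_MT_CLIENT_HELLO = 0x01
SSL2_MT_SERVER_HELLO = 0x04
SSL2_VERSION = 0x0002

# SSLv2 cipher specs, 3 bytes each. The two 40-bit EXPORT specs are the ones
# DROWN turns into a Bleichenbacher padding oracle.
SSL2_CIPHERS = {
    b"\x01\x00\x80": "SSL2_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL2_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL2_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL2_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL2_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL2_DES_192_EDE3_CBC_WITH_MD5",
}

VULNERABLE = "vulnerable"          # SSLv2 answers and lists an EXPORT spec
SSLV2_ENABLED = "sslv2-enabled"    # SSLv2 answers but lists no EXPORT spec
NOT_VULNERABLE = "not-vulnerable"  # no SSLv2 SERVER-HELLO at all


def ssl2_record(body):
    """Wrap a message in a 2-byte SSLv2 record header (high bit set, no padding)."""
    return struct.pack(">H", 0x8000 | len(body)) + body


def build_client_hello(ciphers=tuple(SSL2_CIPHERS), challenge=b"\x00" * 16):
    """CLIENT-HELLO: type, version, cipher-specs length, session-id length,
    challenge length, then the cipher specs, an empty session id and the challenge."""
    body = struct.pack(">BHHHH", SSL2_MT_CLIENT_HELLO, SSL2_VERSION,
                       3 * len(ciphers), 0, len(challenge))
    return ssl2_record(body + b"".join(ciphers) + challenge)


def parse_server_hello(data):
    """Return the cipher specs named in an SSLv2 SERVER-HELLO, or None if the
    reply is not one (TLS alert record, empty read, anything else)."""
    if len(data) < 2 or data[0] == 0x15:  # 0x15 = TLS alert content type
        return None
    if data[0] & 0x80:                    # 2-byte header, 15-bit length
        hdr, length = 2, struct.unpack(">H", data[:2])[0] & 0x7FFF
    else:                                 # 3-byte header, 14-bit length + padding byte
        hdr, length = 3, struct.unpack(">H", data[:2])[0] & 0x3FFF
    body = data[hdr:hdr + length]
    if len(body) < 11 or body[0] != SSL2_MT_SERVER_HELLO:
        return None
    _, _hit, _cert_type, version, cert_len, specs_len, _conn_len = \
        struct.unpack(">BBBHHHH", body[:11])
    if version != SSL2_VERSION:
        return None
    specs = body[11 + cert_len:11 + cert_len + specs_len]
    return [SSL2_CIPHERS.get(specs[i:i + 3], specs[i:i + 3].hex())
            for i in range(0, len(specs), 3)]


def drown_exposure(server_ciphers):
    """Classify a parse_server_hello() result according to the bullets above."""
    if server_ciphers is None:
        return NOT_VULNERABLE
    if any("EXPORT" in name for name in server_ciphers):
        return VULNERABLE
    # SSLv2 still answers without an EXPORT spec: safe only if CVE-2015-3197
    # is patched, which the handshake alone cannot tell you.
    return SSLV2_ENABLED


def probe(host, port, timeout=5.0):
    """Send the CLIENT-HELLO to a live server and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            reply = sock.recv(4096)
        except (socket.timeout, ConnectionError):
            reply = b""          # TLS-only servers often just drop the connection
    return drown_exposure(parse_server_hello(reply))


def sample_server_hello(ciphers, conn_id=b"\xaa" * 16):
    """Constructed SERVER-HELLO (no certificate) used to exercise the parser offline."""
    specs = b"".join(ciphers)
    body = struct.pack(">BBBHHHH", SSL2_MT_SERVER_HELLO, 0, 1, SSL2_VERSION,
                       0, len(specs), len(conn_id))
    return ssl2_record(body + specs + conn_id)


if __name__ == "__main__":
    # Placeholder invocation, e.g.: python drown_check.py mail.example.net 465
    host, port = sys.argv[1], int(sys.argv[2])
    print(host, port, probe(host, port))
```

Run it against every port that terminates TLS with the same RSA key (HTTPS, SMTPS, IMAPS, POP3S), since DROWN only needs one of them to still answer SSLv2. A result of `sslv2-enabled` is not a clean bill of health: per the bullet on CVE-2015-3197, a server that answers SSLv2 without listing EXPORT ciphers is still exposed unless it carries that patch, so the only result to accept is `not-vulnerable`.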
SuccessFactors is NOT vulnerable to the DROWN issue because SSLv2 and SSLv3 are disabled on the server side.
cybersecurity, Secure Sockets Layer, Transport Layer Security, KBA, LOD-SF-PLT-SEC, Security Reports, Problem