SAP Knowledge Base Article - Public

2290788 - Cross-protocol attack on TLS using SSLv2

Symptom

Cause

  • A cross-protocol attack dubbed ‘Drown’ was discovered, which if exploited could lead to decryption of TLS sessions by using a server supporting SSLv2 and exporting cipher suites as a Bleichenbacher RSA padding oracle.
  • Traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server.
  • Recovering one session key requires the attacker to perform approximately 2^50 computation, as well as thousands of connections to the affected server.

Resolution

  • Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers, if not done already.
  • Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed.
  • Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers.
  • SuccessFactors is NOT vulnerable to the ‘DROWN’ issue because SSLv2 and SSLv3 are disabled on server side.

Keywords

cybersecurity, Secure Sockets Layer, Transport Layer Security , KBA , LOD-SF-PLT-SEC , Security & Permissions , Problem

Product

SAP SuccessFactors HCM Core 1602