DROWN Attack on TLS – Everything You Need To Know

Use Netsparker


So SSL in general is having a rough time lately, now with the SSLv2 DROWN attack on TLS. And this is not long after Logjam and a while since Heartbleed, POODLE and FREAK.

DROWN is a cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients and stands for Decrypting RSA with Obsolete and Weakened eNcryption.

DROWN Attack

DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

The full technical paper is available here: drown-attack-paper.pdf [PDF]

In some ways this is just a new, improved, stronger version of the earlier Bleichenbacher attack.

A typical scenario requires the attacker to observe 1,000 TLS handshakes, then initiate 40,000 SSLv2 connections and perform 250 offline work to decrypt a 2048-bit RSA TLS cipher-text.

If any other server uses the same private key and allows SSLv2 connections, even for completely different protocol, you could be vulnerable. Many companies reuse the same certificate and key on their web and email servers, for instance. In this case, if the email server supports SSLv2 and the web server does not, an attacker can take advantage of the email server to break TLS connections to the web server.

Ouch.


In a worst case scenario and with adequate processing power, this could mean a real time man-in-the-middle attack is possible.

Am I vulnerable?

If you have any servers, anywhere with SSLv2 enabled – then yes. If you share private keys (that includes with a CDN provider, mail server, DNS server etc) you could be in worse trouble. Even if your web server doesn’t have SSLv2 enabled, you are still vulnerable.

How do I protect myself

For most of Linux bods, OpenSSL already released a patched version of their library last Tuesday – if you haven’t already installed it please do so ASAP.

On Ubuntu it’s as simple as doing aptitude update; aptitude safe-upgrade -y; and then restarting all relevant services, or simply rebooting.

Check your OpenSSL build date – it should be February 29th for you to be safe:

For nginx, newer versions disable SSLv2 by defauly anyway, but if you want to be sure use the following:

And for Apache:

So go and patch, and if you’re not sure about the implications of this attack I suggest regenerating your private keys, regenerate new SSL certs and install those after patching and blocking SSLv2 from all your services.

The official site for the attack can be found here: https://drownattack.com/

More Reading

Reddit: The DROWN Attack
One-third of all HTTPS websites open to DROWN attack
DROWN Vulnerability Hits SSL/TLS, but It’s No Heartbleed

Posted in: Cryptography, Exploits/Vulnerabilities

,


Latest Posts:


CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack Yahoo! Fined 35 Million USD For Late Disclosure Of Hack
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 year delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public.
Drupwn - Drupal Enumeration Tool & Security Scanner Drupwn – Drupal Enumeration Tool & Security Scanner
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.
MyEtherWallet DNS Hack Causes 17 Million USD User Loss MyEtherWallet DNS Hack Causes 17 Million USD User Loss
Big news in the crypto scene this week was that the MyEtherWallet DNS Hack that occured managed to collect about $17 Million USD worth of Ethereum in just a few hours.


One Response to DROWN Attack on TLS – Everything You Need To Know

  1. Cliff March 8, 2016 at 10:58 pm #

    Hi, DROWN does not expose your private Keys. It exposes the session keys to allow a session to be decrypted. Please see the openssl blog posting FAQ question on that specific point – https://openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/.

    Regards,