DROWN Attack: TLS compromised with SSLv2

SSL version 2 is insecure and obsolete since the nineties. Nevertheless it is activated on more than 30% of all internet servers worldwide. This is the starting point of the new DROWN attack, which allows attackers even to break the encryption of the newest version of TLS 1.2. 

CycleSEC co-founder Prof. Dr. Sebastian Schinzel from the University of Applied Sciences Münster is one of the heads behind the DROWN research. The international research team consists of 15 persons from five universities or eight organizations. DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption.

DrownTLSBanner

About the attack

The group of researchers around Nimrod Aviram and Sebastian Schinzel shows in their paper how to decrypt a previously recorded TLS session. DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. The measurements of the researchers indicate 33% of all HTTPS servers are vulnerable to the attack.

Websites, mail servers, and other TLS-dependent services are at risk for the DROWN attack, if they still support SSLv2. Supporting SSLv2 was not considered a security problem in the past, because clients never used it. The paper now shows that supporting SSLv2 is a threat even for up to date connections via TLS.

The idea which lead to the research results goes back to a conversation between Nimrod Aviram and Sebastian Schinzel a year ago. The scenario was complemented by other researchers within the last year.

On one level with BEAST, POODLE and Co.

The attack is considered to be as critical as BEAST, CRIME, Logjam, FREAK, POODLE or other known attacks against SSL/TLS.

Typical scenarios

The researchers have been able to execute the attack against OpenSSL versions that are vulnerable to CVE-2016-0703 in under a minute using a single PC.

Even for servers that don’t have these particular bugs, the general variant of the attack, which works against any SSLv2 server, can be conducted in under 8 hours at a total cost of $440.

More information

You will find more information about DROWN on the website DROWNattack.com. The website also provides a FAQ section and access to the database of the researchers, so that you can check, if your website was vulnerable to DROWN during the research scans.

Reference documents

CycleSEC CTO Prof. Dr. Sebastian Schinzel will be at the RuhrSec Conference at Ruhr-University Bochum with a talk about DROWN at 29.04.2016.

Media coverage (selection)

Leave a Reply