SSLv2 Cross-Protocol Session Decryption Vulnerability (DROWN)

Medium Nessus Network Monitor Plugin ID 9127

Synopsis

The remote host may be affected by a vulnerability that would allow a remote attacker to decrypt previously captured traffic.

Description

SSLv2 is a deprecated and insecure protocol that contains a flaw in its implementation, allowing a cross-protocol Bleichenbacher padding oracle attack (an adaptive chosen-ciphertext attack). Such an attack may allow a man-in-the-middle attacker to decrypt intercepted TLS connections by making a series of specially crafted connections to an SSLv2 server that uses the same private key. The monitored connections required to conduct this attack can use any version of the SSL or TLS protocols, including TLS 1.2, as long as they all use the same RSA key exchange method. With each connection, the server's response varies enough to leak information to the attacker about the secret keys in use for the victim TLS connection. This information can in turn be used to eventually decrypt the entire TLS connection and gain access to all plaintext traffic between the victim and the server.

Solution

Disable SSLv2 and export-grade cipher suites. Ensure that private keys are not reused anywhere with server software that supports SSLv2 connections.
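As an added illustration that is not part of the Tenable plugin or its detection logic, the Python below parses an SSLv2 SERVER-HELLO record the way a passive monitor would see it on the wire and classifies the exposure described above: any SSLv2 acceptance means the server's RSA key is reachable by the oracle, and the 40-bit export cipher kinds named in the solution make it worse. The record builder, its dummy certificate bytes and the zeroed connection id are constructed test input, not captured traffic.

```python
import struct

# SSLv2 CIPHER-KIND codes (3 bytes each) as listed in the SSLv2 specification.
SSLV2_CIPHER_KINDS = {
    0x010080: "SSL_CK_RC4_128_WITH_MD5",
    0x020080: "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    0x030080: "SSL_CK_RC2_128_CBC_WITH_MD5",
    0x040080: "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    0x050080: "SSL_CK_IDEA_128_CBC_WITH_MD5",
    0x060040: "SSL_CK_DES_64_CBC_WITH_MD5",
    0x0700C0: "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
EXPORT_KINDS = {0x020080, 0x040080}  # the 40-bit export-grade kinds

def parse_sslv2_server_hello(record: bytes) -> dict:
    """Parse one SSLv2 record carrying a SERVER-HELLO (message type 4)."""
    if len(record) < 2 or not record[0] & 0x80:
        raise ValueError("not a two-byte SSLv2 record header")
    length = ((record[0] & 0x7F) << 8) | record[1]
    body = record[2:2 + length]
    if len(body) != length or length < 11 or body[0] != 0x04:
        raise ValueError("truncated record or not a SERVER-HELLO")
    # SESSION-ID-HIT, CERTIFICATE-TYPE, SERVER-VERSION, then the three field lengths.
    _hit, _ctype, version, cert_len, cs_len, _cid_len = struct.unpack("!BBHHHH", body[1:11])
    specs = body[11 + cert_len:11 + cert_len + cs_len]
    if cs_len % 3 or len(specs) != cs_len:
        raise ValueError("malformed CIPHER-SPECS field")
    kinds = [int.from_bytes(specs[i:i + 3], "big") for i in range(0, cs_len, 3)]
    return {
        "version": version,
        "ciphers": [SSLV2_CIPHER_KINDS.get(k, f"unknown-{k:06x}") for k in kinds],
        "export": [SSLV2_CIPHER_KINDS[k] for k in kinds if k in EXPORT_KINDS],
    }

def drown_finding(record: bytes) -> str:
    """Classify a server reply: SSLv2 at all exposes the key; export kinds are the worse case."""
    try:
        hello = parse_sslv2_server_hello(record)
    except ValueError:
        return "no-sslv2"
    if hello["export"]:
        return "sslv2-export"  # general DROWN plus the cheaper export-cipher variant
    return "sslv2"  # SSLv2 accepted: this RSA key must not also serve TLS

def build_server_hello(cipher_kinds, cert=b"\x30\x03\x02\x01\x00", conn_id=bytes(16)) -> bytes:
    """Constructed SSLv2 SERVER-HELLO for offline testing; the cert bytes are a dummy placeholder."""
    specs = b"".join(k.to_bytes(3, "big") for k in cipher_kinds)
    body = b"\x04\x00\x01" + struct.pack("!HHHH", 0x0002, len(cert), len(specs), len(conn_id)) + cert + specs + conn_id
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body
```

Feeding a TLS record (first byte 0x16, high bit clear) to drown_finding yields "no-sslv2", which is the expected result for a server that has SSLv2 disabled.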

See Also

https://drownattack.com

https://drownattack.com/drown-attack-paper.pdf

Plugin Details

Severity: Medium

ID: 9127

Family: Generic

Published: 2016/03/01

Modified: 2016/03/07

Nessus ID: 89058

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 4.7

Temporal Score: 4.3

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2016/03/01

Vulnerability Publication Date: 2016/03/01

Reference Information

CVE: CVE-2016-0800