SSLv2 Cross-Protocol Session Decryption Vulnerability (DROWN)

medium Nessus Network Monitor Plugin ID 9127


The remote host may be affected by a vulnerability which would allow a remote attacker to decrypt previously captured traffic.


SSLv2 is a deprecated and insecure protocol which contains a flaw in its implementation, allowing for a cross-protocol Bleichenbacher padding oracle attack (an adaptive chosen-ciphertext attack). Such an attack may allow a man-in-the-middle attacker to decrypt intercepted TLS connections via a series of specially crafted connections to an SSLv2 server that uses the same private key. The monitored connections required to conduct this attack can use any version of the SSL or TLS protocols, including TLS 1.2, as long as they all use the same RSA key exchange method. With each connection, the server response will vary enough so as to leak information to the attacker about the secret keys in use for the victim TLS connection. This information can in turn be used to eventually decrypt the entire TLS connection and gain access to all plaintext traffic between the victim and server.


Disable SSLv2 and export grade cryptography cipher suites. Ensure that private keys are not used anywhere with server software that supports SSLv2 connections.

See Also

Plugin Details

Severity: Medium

ID: 9127

Family: Generic

Published: 3/1/2016

Updated: 3/6/2019

Nessus ID: 89058

Risk Information


Risk Factor: Medium

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N


Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 3/1/2016

Vulnerability Publication Date: 3/1/2016

Reference Information

CVE: CVE-2016-0800