Advisory – ‘DROWN’ (Cross-protocol attack on TLS using SSLv2) vulnerability

‘DROWN’ – Decrypting RSA with Obsolete and Weakened eNcryption Various products may be affected by this vulnerability, given the common vulnerability and exposures designation of CVE-2016-0800. A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites. Traffic… Continue reading