What You Need to Know About DROWN

A vulnerability disclosed by researchers this week, called DROWN (short for “Decrypting RSA with Obsolete and Weakened Encryption”), allows an attacker, in some cases, to read all communications between users and the server and to impersonate a secure website.

The vulnerability also affects servers that share private keys with servers that support SSLv2. Several web hosts and related service providers, as well as popular sites like yahoo.com and weibo.com, were vulnerable to man-in-the-middle attacks as of disclosure, and some remained so into the end of the week.

The researchers describe an attack on the vulnerability as “a new form of cross-protocol Bleichenbacher padding oracle attack. It allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key.”
Affected connections include those made with any SSL/TLS protocol version using the common RSA key exchange method, including TLS 1.2.

TLS session keys can ultimately be recovered in two ways: the easy way, since the “majority of servers vulnerable to DROWN are also affected by an OpenSSL bug,” through a computation that “takes under a minute on a fast PC;” and the hard way, through computations costing an estimated $440 on Amazon EC2.

The members of the research team are affiliated with Tel Aviv University, the Münster University of Applied Sciences, Ruhr University Bochum, the University of Pennsylvania, the Hashcat Project, the University of Michigan, Two Sigma, Google, and OpenSSL. They estimate that as of disclosure on Mar. 1, 25 percent of the Alexa top million sites are vulnerable, and 22 percent of all browser-trusted sites.

Instructions for how to disable SSLv2 support for OpenSSL, Windows Server, and NSS are available on the disclosure website set up by the researchers, as is a test tool to determine if a server is vulnerable, through SSLv2 support or key sharing.
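As an added example (not from the article, the researchers' test tool, or any of the named vendors), the SSLv2-support half of that check can be done by hand: the script builds an SSLv2 CLIENT-HELLO, parses a SERVER-HELLO, and treats a TLS alert or an empty reply as "SSLv2 refused". The constructed SERVER-HELLO with a placeholder certificate exists only so the parser can be exercised offline, and `probe_sslv2` assumes you are checking a server you administer.

```python
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) from the SSLv2 draft; every one of them is weak by modern standards.
SSL2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}

def build_sslv2_client_hello(challenge=b"\x00" * 16):
    """CLIENT-HELLO: type 0x01, version 0x0002, three lengths, cipher kinds, challenge; 2-byte record header."""
    ciphers = b"".join(SSL2_CIPHERS)
    body = b"\x01\x00\x02" + struct.pack(">HHH", len(ciphers), 0, len(challenge)) + ciphers + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body  # high bit set, 15-bit length

def parse_sslv2_server_hello(data):
    """Cipher names offered in an SSLv2 SERVER-HELLO; None if the reply is not SSLv2 (TLS alert 0x15, or nothing)."""
    if len(data) < 2 or not data[0] & 0x80:
        return None
    body = data[2:2 + (((data[0] & 0x7F) << 8) | data[1])]
    if len(body) < 11 or body[0] != 0x04:          # 0x04 = SERVER-HELLO
        return None
    _hit, _cert_type, version, cert_len, cs_len, _conn_len = struct.unpack(">BBHHHH", body[1:11])
    if version != 0x0002:
        return None
    specs = body[11 + cert_len:11 + cert_len + cs_len]  # cipher kinds follow the certificate
    return [SSL2_CIPHERS.get(specs[i:i + 3], specs[i:i + 3].hex()) for i in range(0, len(specs), 3)]

def constructed_sslv2_server_hello(cipher_specs, cert=b"<DER certificate placeholder>"):
    """Constructed SERVER-HELLO for offline testing: no session hit, cert type 1 (X.509), version 0x0002."""
    conn_id = b"\x11" * 16
    body = b"\x04\x00\x01\x00\x02" + struct.pack(">HHH", len(cert), len(cipher_specs), len(conn_id))
    body += cert + cipher_specs + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body

def probe_sslv2(host, port=443, timeout=5.0):
    """Check one of your own servers; a server that drops the hello yields b"" and therefore None."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv2_client_hello())
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return parse_sslv2_server_hello(data)
```

Any non-None result from `probe_sslv2` means the server still speaks SSLv2 and should be fixed per the vendor instructions above; the key-sharing half of the check (other hosts using the same certificate key) still has to be inventoried separately.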

Disclosures like the FREAK vulnerability, the Logjam vulnerability, and the certificate forgery recognition OpenSSL vulnerability gave server administrators some practice managing software versions to close security gaps in the first half of 2015.

by Chris Burt, thewhir.com