Millions of HTTPS sites open to DROWN attack
Wed 2 Mar 2016
A newly discovered decryption attack called DROWN, which can expose sensitive information on TLS-protected websites, is estimated to affect up to 33% of all HTTPS websites, mail servers, and other services, putting an estimated 11 million websites at risk of attack. DROWN can break standard internet security cryptography within minutes or hours, and attackers can then access secure information including usernames, passwords, credit card information, trade secrets, and financial data.
Most modern servers use TLS (Transport Layer Security), the up-to-date and accepted encryption protocol. However, many servers are misconfigured and still support SSLv2, a forerunner to TLS that was withdrawn from popular use due to major security flaws. A modern server could use TLS for primary encryption, and continued SSLv2 support was not considered a security weakness, because clients never used it. A DROWN attack, however, uses that SSLv2 support as its point of entry. If an HTTPS server has been updated to use TLS but still supports SSLv2, the DROWN attacker reads the TLS connection and then launches SSLv2 probes to the server. An estimated 17% of all HTTPS servers actively allow SSLv2 connections.
A server is also vulnerable if it is linked to another server that allows SSLv2 connections, for example an email server that uses the same key. Even if your web server is up to date and does not allow SSLv2 connections, an attacker can access the public key from a connected server, and use that to access the web server. The research group that discovered DROWN estimates that an additional 16% of HTTPS servers are vulnerable for this reason, for a total of 33% of all HTTPS sites that are open to attack.
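The two exposure cases described above can be checked across a server inventory by grouping services by the key they present. This is an added example, not code from the DROWN researchers; the hosts, key labels and the `sslv2_enabled` flag are constructed sample data standing in for the results of your own scans.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int
    key_id: str          # fingerprint of the RSA public key the service presents
    sslv2_enabled: bool  # result of your own SSLv2 handshake check


# Constructed sample inventory (hypothetical hosts and key labels).
INVENTORY = [
    Endpoint("www.example.test", 443, "key-A", False),
    Endpoint("mail.example.test", 25, "key-A", True),
    Endpoint("shop.example.test", 443, "key-B", False),
    Endpoint("legacy.example.test", 443, "key-C", True),
]


def classify_drown_exposure(endpoints):
    """Map (host, port) -> (status, peers) where status is
    'direct' (speaks SSLv2 itself), 'key-reuse' (TLS-only, but its key is
    also served by an SSLv2 endpoint) or 'ok'."""
    by_key = defaultdict(list)
    for ep in endpoints:
        by_key[ep.key_id].append(ep)

    report = {}
    for group in by_key.values():
        sslv2_peers = sorted(f"{ep.host}:{ep.port}" for ep in group if ep.sslv2_enabled)
        for ep in group:
            if ep.sslv2_enabled:
                report[(ep.host, ep.port)] = ("direct", [])
            elif sslv2_peers:
                report[(ep.host, ep.port)] = ("key-reuse", sslv2_peers)
            else:
                report[(ep.host, ep.port)] = ("ok", [])
    return report


if __name__ == "__main__":
    for (host, port), (status, peers) in sorted(classify_drown_exposure(INVENTORY).items()):
        note = f" (shares key with {', '.join(peers)})" if peers else ""
        print(f"{host}:{port}: {status}{note}")
```

A "key-reuse" result is cleared by disabling SSLv2 on the peer service that shares the key, not by changing the TLS-only server itself.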
DROWN, which stands for Decrypting RSA with Obsolete and Weakened eNcryption, was discovered by a team of researchers from university and corporate backgrounds, including Tel Aviv University, University of Pennsylvania, and Google/OpenSSL. The researchers have published a FAQ page, along with a tool to check whether your servers are vulnerable to DROWN, at www.drownattack.com. They offer specific advice for disabling SSLv2 for OpenSSL, Microsoft IIS, Network Security Services, Apache, Postfix, and Nginx. There is no action that end users can take to prevent DROWN; it is a vulnerability that can only be addressed at the server operator level.