Paper ship - DROWN attack

What you need to know about the DROWN vulnerability

rich gardner / 03.03.16

On Tuesday, OpenSSL issued a security advisory for the DROWN attack on SSLv2 (CVE-2016-0800).

DROWN is considered a serious security vulnerability that affects HTTPS users, allowing hackers to potentially break encryption and access sensitive information, including any communication between an end-user and a server.

We’ve all used HTTPS to gauge whether or not a website is secure, or at least safe to browse. Now that there has been another SSL attack, we’re paying more attention, learning quickly that HTTPS is not a guarantee of safety anymore. Understanding that we can’t trust HTTPS sites is a huge problem for our email, purchase, banking, and other common, daily internet activities.

CloudPassage Halo detects and alerts your security team to vulnerabilities like DROWN, ensuring that your company can quickly take proactive measures to avoid a security breach.

Specifically, CloudPassage Halo can:

  • Detect the released CVE-2016-0800, which will help organizations find systems that are vulnerable to this type of an attack
  • Inspect and scan your servers for specific services running, along with Halo’s configuration security management (CSM) module
  • Ensure that configuration of Microsoft or Linux applications are (or are not) running SSLv2
  • Verify proper configuration of Apache, Postfix, Nginx to be utilizing the proper SSL version

Want to learn more about how you can keep your organization protected? Visit cloudpassage.com/demo or contact 800-215-7404.