Number: AV16-039
Date: 03 March 2016
Purpose
The purpose of this advisory is to bring attention to an SSL/TLS vulnerability, Decrypting RSA with Obsolete and Weakened eNcryption, “DROWN”.
Assessment
The DROWN vulnerability can be leveraged by attackers to decrypt SSL/TLS connections between a client and a server that allows SSLv2. Any type of server with SSLv2 enabled is vulnerable (including HTTPS, IMAP, POP and SMTP). A successful attacker would be capable of obtaining the session key for a captured TLS handshake through brute-force decryption, which would allow that captured session to be decrypted (in a timeframe of hours using cloud computing services).
In conjunction, a separate vulnerability in OpenSSL 1.0.2 and 1.0.11 (and earlier) would allow an attacker to reduce the brute-force decryption timeframe for a session key to minutes using commodity computer hardware.
Suggested Action
CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly or consider applying the workarounds.
It is recommended to use unique private keys when applicable for different servers and/or services.
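The following script is an added example written for this advisory; it is not CCIRC's or the DROWN researchers' tooling. It covers the two checks the suggested action implies: whether a service still answers an SSLv2 CLIENT-HELLO (the probe assumes an SSL-on-connect port such as 443, 465, 993 or 995, not a STARTTLS service), and whether a TLS-only service shares its private key with a service that does speak SSLv2, which is the cross-protocol exposure DROWN exploits. The inventory record format (service, key_fingerprint, sslv2) and all sample bytes are constructed for the example.

```python
import socket
import struct
import sys

# SSLv2 cipher-kind identifiers (3 bytes each, from the SSLv2 specification).
SSLV2_CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}


def build_sslv2_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """Build a minimal SSLv2 CLIENT-HELLO offering every SSLv2 cipher kind.

    A server with SSLv2 disabled replies with a TLS alert or closes the
    connection; one that still speaks SSLv2 replies with a SERVER-HELLO.
    """
    specs = b"".join(SSLV2_CIPHER_KINDS)
    body = (
        b"\x01"                              # message type: CLIENT-HELLO
        + b"\x00\x02"                        # protocol version: SSLv2
        + struct.pack(">H", len(specs))      # cipher-spec length
        + struct.pack(">H", 0)               # session-id length (none)
        + struct.pack(">H", len(challenge))  # challenge length
        + specs
        + challenge
    )
    # Two-byte record header; high bit set means no padding byte follows.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_sslv2_server_hello(data: bytes):
    """Return the cipher kinds offered in an SSLv2 SERVER-HELLO, or None if the
    bytes are not one (TLS alert, empty reply, truncated record)."""
    if len(data) < 2 or not data[0] & 0x80:
        return None
    record_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + record_len]
    # Fixed part: type(1) hit(1) cert_type(1) version(2) cert_len(2)
    # cipher_specs_len(2) conn_id_len(2) = 11 bytes, then cert, specs, conn id.
    if len(body) < 11 or body[0] != 0x04:
        return None
    cert_len, specs_len = struct.unpack(">HH", body[5:9])
    specs = body[11 + cert_len:11 + cert_len + specs_len]
    return [SSLV2_CIPHER_KINDS.get(specs[i:i + 3], specs[i:i + 3].hex())
            for i in range(0, len(specs) - len(specs) % 3, 3)]


def probe_sslv2(host: str, port: int, timeout: float = 5.0):
    """Send a CLIENT-HELLO to an SSL-on-connect port and classify the reply.
    STARTTLS services (SMTP 25/587, IMAP 143, POP 110) need the STARTTLS
    exchange first; this helper does not perform it."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_sslv2_client_hello())
            return parse_sslv2_server_hello(sock.recv(4096))
    except OSError:
        return None


def drown_exposure(inventory):
    """Report services that speak SSLv2 themselves and TLS-only services that
    share a private key with one that does (the cross-protocol case).
    Record format {service, key_fingerprint, sslv2} is assumed for this example."""
    sslv2_keys = {r["key_fingerprint"] for r in inventory if r["sslv2"]}
    direct = sorted(r["service"] for r in inventory if r["sslv2"])
    shared = sorted(r["service"] for r in inventory
                    if not r["sslv2"] and r["key_fingerprint"] in sslv2_keys)
    return {"speaks_sslv2": direct, "shares_key_with_sslv2": shared}


# Constructed sample data (not captured from any real host).
SAMPLE_SERVER_HELLO = struct.pack(">H", 0x8000 | 36) + (
    b"\x04"                          # SERVER-HELLO
    + b"\x00"                        # session-id hit: no
    + b"\x01"                        # certificate type: X.509
    + b"\x00\x02"                    # version: SSLv2
    + struct.pack(">HHH", 3, 6, 16)  # cert len, cipher-spec len, conn-id len
    + b"CRT"                         # placeholder certificate bytes
    + b"\x01\x00\x80\x02\x00\x80"    # RC4_128 and RC4_128_EXPORT40
    + b"\x00" * 16                   # connection id
)
SAMPLE_TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"  # TLS fatal alert: protocol_version
SAMPLE_INVENTORY = [
    {"service": "mail.example:993", "key_fingerprint": "k1", "sslv2": True},
    {"service": "www.example:443", "key_fingerprint": "k1", "sslv2": False},
    {"service": "shop.example:443", "key_fingerprint": "k2", "sslv2": False},
]

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])
    offered = probe_sslv2(host, port)
    print("SSLv2 SERVER-HELLO received:" if offered else "no SSLv2 SERVER-HELLO", offered or "")
```

Run it as `python3 drown_check.py host 443` against your own hosts; any SERVER-HELLO at all means SSLv2 must be disabled on that service, and the inventory correlation is what makes the "unique private keys" recommendation actionable, since a TLS-only web server shares the exposure of any mail server that still speaks SSLv2 with the same key.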
References:
- DROWN Vulnerability (researcher website): https://drownattack.com
- CCIRC AV16-036: OpenSSL Advisory – Multiple Vulnerabilities: http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2016/av16-036-en.aspx
- NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0800