DROWN Vulnerability Hits SSL/TLS, but It's No Heartbleed

Mar 01, 2016, 11:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)

DROWN, which stands for "Decrypting RSA with Obsolete and Weakened eNcryption," is a newly disclosed vulnerability that could be exposing millions of sites to risk today.

However, the DROWN attack is specific to the legacy SSLv2 protocol, and the impact of the flaw is not nearly as widespread as the Heartbleed flaw.

Complete Story

Related Stories:

• POODLE Flaw Found in Legacy SSL 3.0 Encryption(Oct 15, 2014)
• Firefox 34 Adds Browser-Based Voice Calling, Blocks POODLE Attacks(Oct 21, 2014)
• PHP 5.6.2 and 5.4.34 Update for Critical Security Flaws(Oct 20, 2014)
• Shellshock a Fail for Security Disclosure(Oct 23, 2014)