DROWN

GPTKB entity

Statements (38)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:affects gptkb:SSLv2
TLS
gptkbp:announced 2016-03-01
gptkbp:category crypt
network security vulnerability
gptkbp:discoveredBy gptkb:Vern_Paxson
gptkb:Matthew_Green
gptkb:David_Adrian
gptkb:J._Alex_Halderman
gptkb:Nadia_Heninger
gptkb:Zakir_Durumeric
gptkb:Emilia_Käsper
gptkb:Jann_Horn
Eyal Ronen
Gabriel G. Portmann
Kevin Borgolte
Martin P. Schneider
Yuval Shavitt
gptkbp:exploits gptkb:man-in-the-middle
decryption attack
gptkbp:fullName Decrypting RSA with Obsolete and Weakened eNcryption
https://www.w3.org/2000/01/rdf-schema#label DROWN
gptkbp:impact allows decryption of TLS sessions
compromises confidentiality
gptkbp:mitigatedBy disable SSLv2
update OpenSSL
do not reuse private keys across protocols
gptkbp:relatedTo gptkb:OpenSSL
gptkb:SSL
TLS
gptkbp:target servers supporting SSLv2
servers with shared private keys
gptkbp:vulnerableTo gptkb:CVE-2016-0800
gptkbp:bfsParent gptkb:Transport_Layer_Security
gptkb:CVE-2016-0800
gptkb:SSLv2
gptkbp:bfsLayer 6