See what our global post-quantum study uncovered about where the world stands in the race to prepare for quantum computing.
Researchers recently uncovered the DROWN vulnerability in SSL v2. DROWN stands for Decrypting RSA with Obsolete and Weakened encryption. It affects HTTPS and other services that rely on the SSL and TLS protocols.
Attackers can use the DROWN vulnerability to break the encryption that is used to protect your sensitive data from prying eyes. If the encryption is broken, attackers can read/steal your sensitive communications (e.g., passwords, financial data, and emails). In some situations, attackers may also be able to impersonate trusted websites.
It is estimated that 22% of servers may be vulnerable to the DROWN attack. If you have a website, mail server, and other services that rely on TLS, you may be susceptible to this attack as well.
To check a website or a public facing server to see if it supports SSL v2, you can use tools such as DigiCert® SSL Installation Diagnostics Tool. To check all the servers in your network (public and private) for SSL v2 support, you can use tools such as DigiCert® Certificate Inspector.
If you discover that you have servers or services that still support SSL v2, the fix is straightforward: disable SSL v2.