How DigiCert and its partners are putting trust to work to solve real problems today.
While the world is pushed—or forced—toward digitizing all business processes, workflows and functions, the lessons from the early days of the Internet can be a predictor of success. Learn how Digital Trust can make or break your strategy and how the wrong solution may be setting your organization up for failure in less than three years.
Researchers recently uncovered the DROWN vulnerability in SSL v2. DROWN stands for Decrypting RSA with Obsolete and Weakened encryption. It affects HTTPS and other services that rely on the SSL and TLS protocols.
Attackers can use the DROWN vulnerability to break the encryption that is used to protect your sensitive data from prying eyes. If the encryption is broken, attackers can read/steal your sensitive communications (e.g., passwords, financial data, and emails). In some situations, attackers may also be able to impersonate trusted websites.
It is estimated that 22% of servers may be vulnerable to the DROWN attack. If you have a website, mail server, and other services that rely on TLS, you may be susceptible to this attack as well.
To check a website or a public facing server to see if it supports SSL v2, you can use tools such as DigiCert® SSL Installation Diagnostics Tool. To check all the servers in your network (public and private) for SSL v2 support, you can use tools such as DigiCert® Certificate Inspector.
If you discover that you have servers or services that still support SSL v2, the fix is straightforward: disable SSL v2.