[bdNOG] SSLv2 DROWN Attack
Jahangir Hossain
jrjahangir at gmail.com
Wed Mar 2 17:28:49 BDT 2016
Dear members ,
Network traffic encrypted using an RSA-based SSL certificate may be
decrypted if enough SSLv2 handshake data can be collected. Exploitation of
this vulnerability - referred to as DROWN in public reporting - may allow a
remote attacker to obtain the private key of a server supporting SSLv2.
For more information please visit ,
https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack
https://www.us-cert.gov/ncas/current-activity/2016/03/01/OpenSSL-Releases-Security-Advisory
*Regards / Jahangir*
* | Open Comm*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20160302/d0b1ebf6/attachment.html>
More information about the nog
mailing list