Researchers recently uncovered the . DROWN stands for Decrypting RSA with Obsolete and Weakened encryption. It affects HTTPS and other services that rely on the SSL and TLS protocols.
Attackers can use the DROWN vulnerability to break the encryption that is used to protect your sensitive data from prying eyes. If the encryption is broken, attackers can read/steal your sensitive communications (e.g., passwords, financial data, and emails). In some situations, attackers may also be able to impersonate trusted websites.
It is estimated that 22% of servers may be vulnerable to the DROWN attack. If you have a website, mail server, and other services that rely on TLS, you may be susceptible to this attack as well.
To check a website or a public facing server to see if it supports SSL v2, you can use tools such asÌý ÃÛÌÒTV® SSL Installation Diagnostics Tool. To check all the servers in your network (public and private) for SSL v2 support, you can use tools such as ÃÛÌÒTV® Certificate Inspector.
If you discover that you have servers or services that still support SSL v2, the fix is straightforward: disable SSL v2.