Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

SSLv2 "DROWN" Vulnerability Disclosed

Written by Michael Larabel in Free Software on 1 March 2016 at 08:34 AM EST. 5 Comments

FREE SOFTWARE

A major vulnerability was made public this morning that concerns SSLv2.

DROWN is the name for this new SSLv2 woe and is short for Decrypting RSA using Obsolete and Weakened eNcryption. This is a man-in-the-middle attack against servers running TLS for secure communication. DROWN is officially known as cve-2016-0800 where it's explained as, "A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN."

DROWNAttack.com was setup to provide more details on this latest high profile, open-source security issue. There are also more details via the Red Hat Security Blog.

5 Comments

Related News

Bloomberg Launches Open-Source Funding Initiative

Blender 3.5 Released With Lighting Improvements For Cycles, Better glTF 2.0 Handling

OBS Studio 29.1 Beta 1 Released With New AV1/HEVC Streaming Over RTMP

Apache CloudStack 4.18 LTS Released For Launching Your Own Open-Source Cloud

curl 8.0 Released To Celebrate Project's 25th Birthday

Dragonfly 1.0 Released For What Claims To Be The World's Fastest In-Memory Data Store

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OBS Studio Lands AV1 & HEVC RTMP Streaming Support

Framework Laptop Launches AMD Ryzen Upgradeable Laptop, Intel Raptor Lake Models Too

Proxmox VE 7.4 Released With Linux 5.15 LTS + Linux 6.2 Support, New Dark Theme

AMD FidelityFX Super Resolution 3 "FSR 3" Will Be Open-Source

NVIDIA 530.41.03 Linux Driver Released With IBT Kernel Support, Vulkan Video

Ubuntu 20.04.6 LTS Released With Restored UEFI Secure Boot Support

MidnightBSD 3.0 Available With Many Software Updates & Fixes

Wine's VKD3D 1.7 Implements More Direct3D 12 Functionality Atop Vulkan