DROWN attack

Based on Wikipedia,

“The DROWN attack is a cross-protocol security bug that attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure. DROWN can affect all types of servers that offer services encrypted with TLS yet still support SSL v2, provided they share the same public key credentials between the two protocols.”

Note:

You can find more about correctly configuring SSL/TLS in the Maximizing SharePoint Security whitepaper: https://gallery.technet.microsoft.com/Maximizing-SharePoint-cf7f7efc

To check if your website has this vulnerability, you can use the following tools:

  1. SSL LABS https://www.ssllabs.com/ssltest/
  2. The DROWN Attack Test https://test.drownattack.com/

To fix this issue, disable SSL v2 on your servers (disabling SSL v3 is also recommended) as follows:

Go to this registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0

If there is no “Server” key, create a “Server” key.

Then create a DWORD value named “DisabledByDefault” and set its value data to “1”.

Restart the server.
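The registry steps above, scripted for an elevated PowerShell session, as an added example that is not part of the original post. It creates the missing “Server” key, sets “DisabledByDefault” to 1 as the post describes, additionally sets “Enabled” to 0 (an assumption: belt and braces on top of the post's setting, not a replacement for it), and reads the values back so you can confirm the change before rebooting. The function names are the example's own.

```powershell
# Added example: disable SSL 2.0 and SSL 3.0 server-side in SCHANNEL and verify.
# Must be run as Administrator; a reboot is required for SCHANNEL to pick it up.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Disable-SchannelServerProtocol {
    param([Parameter(Mandatory)][string]$Protocol)   # e.g. 'SSL 2.0'
    $protoKey  = "$base\$Protocol"
    $serverKey = "$protoKey\Server"
    # Create "<Protocol>" and "<Protocol>\Server" keys if they do not exist yet
    if (-not (Test-Path $protoKey))  { New-Item -Path $protoKey  | Out-Null }
    if (-not (Test-Path $serverKey)) { New-Item -Path $serverKey | Out-Null }
    # DisabledByDefault = 1 is the value the post recommends and the test tools expect
    New-ItemProperty -Path $serverKey -Name 'DisabledByDefault' -Value 1 `
        -PropertyType DWord -Force | Out-Null
    # Enabled = 0 is set in addition (assumption: extra hardening, not a substitute)
    New-ItemProperty -Path $serverKey -Name 'Enabled' -Value 0 `
        -PropertyType DWord -Force | Out-Null
}

function Test-SchannelServerProtocolDisabled {
    param([Parameter(Mandatory)][string]$Protocol)
    $serverKey = "$base\$Protocol\Server"
    if (-not (Test-Path $serverKey)) { return $false }   # no key = protocol still on
    $props = Get-ItemProperty -Path $serverKey
    # Missing property reads as $null, which correctly fails the comparison
    return ($props.DisabledByDefault -eq 1)
}

foreach ($proto in 'SSL 2.0', 'SSL 3.0') {
    Disable-SchannelServerProtocol -Protocol $proto
    if (Test-SchannelServerProtocolDisabled -Protocol $proto) {
        Write-Host "$proto server-side: disabled by default"
    } else {
        Write-Host "$proto server-side: STILL ENABLED, check the registry manually"
    }
}
Write-Host 'Restart the server for the SCHANNEL changes to take effect.'
```

After the reboot, re-run the SSL Labs or DROWN test tools listed above to confirm the server no longer offers SSL v2.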


Note:

Some articles use the “Enabled” value instead of “DisabledByDefault”, but if you go that way the above tools will not consider your server secure against the DROWN attack, so it is better to use “DisabledByDefault”.

For more details about the DROWN attack, see the following post:

https://blog.qualys.com/securitylabs/2016/03/04/ssl-labs-drown-test-implementation-details
