This blog post will discuss how to Mitigate DROWN CVE-2016-0800.
Unless you’ve been living in a cave you’ll have heard (or likely to hear about soon) the drown attack. From the Red Hat site:
“A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.
Find out more about CVE-2016-0800 from the MITRE CVE dictionary dictionary and …
[Read more]