Vulnerabilities Weekly Summary Ending March 4
By Jerry Adams on March 8, 2016
A security research team has published a new attack on SSL/TLS, dubbed “DROWN”. It lets an attacker decrypt intercepted TLS sessions by making specially crafted connections to an SSLv2 server that uses the same RSA private key: the SSLv2 server acts as an oracle for the RSA decryption, so the weakness in SSLv2 is turned against TLS traffic. The attacker needs to intercept roughly 1000 TLS handshakes and then make a large number of probe connections to the SSLv2 server. SSLv2 is the only protocol with the flaw itself, but the researchers note that many servers share a certificate (and therefore an RSA key) between SSLv2 and the newer TLS versions, and that the same key is often reused on other hosts or services (a mail server, for example) that still accept SSLv2. Wherever that is the case, the TLS sessions protected by the shared key can be decrypted; the private key itself is not recovered by this attack.
This attack can only be prevented on the server side. Administrators should disable SSLv2 support on every server, including mail and other non-web services, and use separate RSA keys and certificates for TLS so that a key used for TLS is never also accepted by anything that still speaks SSLv2. Administrators should also watch firewall and network logs for bursts of repeated connections from a single source: beyond the roughly 1000 passively intercepted TLS handshakes, the active part of the attack requires tens of thousands of SSLv2 probe connections to the server, and those probes are visible. (N. Aviram, 2016)(G. Wassermann, 2016 Mar. 7).
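As an added, worked example of the checks described above (this is not code from the original post, the DROWN researchers, or US-CERT): the script below sends a raw SSLv2 CLIENT-HELLO to a server, reports whether it answers with an SSLv2 SERVER-HELLO and which cipher kinds it offers (including the 40-bit export kinds that make the oracle cheapest to abuse), and then compares the certificate returned over SSLv2 with the certificates other TLS endpoints present, so that a TLS-only host sharing a certificate with an SSLv2-enabled host is flagged. The record layouts follow the SSLv2 specification; the sample SERVER-HELLO, its placeholder certificate bytes, and the host names are constructed for the offline check and are not captured from any real server. A raw probe is used because current OpenSSL builds no longer speak SSLv2, so `openssl s_client -ssl2` is usually unavailable; treat any SERVER-HELLO as SSLv2 being enabled, even if the cipher list comes back empty.

```python
import base64
import hashlib
import socket
import ssl
import struct

# SSLv2 cipher kinds (3-byte codes from the SSLv2 specification).
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
EXPORT_CIPHERS = {b"\x02\x00\x80", b"\x04\x00\x80"}  # 40-bit kinds: cheapest DROWN oracle


def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """SSLv2 CLIENT-HELLO record offering every SSLv2 cipher kind, no session id."""
    specs = b"".join(SSLV2_CIPHERS)
    body = b"\x01\x00\x02" + struct.pack(">HHH", len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body  # 2-byte header: high bit + 15-bit length


def parse_server_response(data: bytes) -> dict:
    """Classify the first bytes a server sends back after the CLIENT-HELLO."""
    if not data:
        return {"sslv2": False, "reason": "connection closed without a reply"}
    if data[0] == 0x15:
        return {"sslv2": False, "reason": "TLS alert record, SSLv2 hello refused"}
    if len(data) < 2 or not data[0] & 0x80:
        return {"sslv2": False, "reason": "not a 2-byte SSLv2 record header"}
    body = data[2:2 + (((data[0] & 0x7F) << 8) | data[1])]
    if len(body) < 11 or body[0] != 0x04:
        return {"sslv2": False, "reason": "SSLv2 record but not a SERVER-HELLO"}
    # SERVER-HELLO: type, session-id-hit, cert type, version(2), then three 16-bit lengths.
    cert_len, spec_len, _conn_id_len = struct.unpack(">HHH", body[5:11])
    cert = body[11:11 + cert_len]
    raw = body[11 + cert_len:11 + cert_len + spec_len]
    specs = [raw[i:i + 3] for i in range(0, len(raw) - len(raw) % 3, 3)]
    return {
        "sslv2": True, "reason": "SSLv2 SERVER-HELLO received", "certificate_der": cert,
        "ciphers": [SSLV2_CIPHERS.get(s, s.hex()) for s in specs],
        "export_ciphers": [SSLV2_CIPHERS[s] for s in specs if s in EXPORT_CIPHERS],
    }


def probe_sslv2(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Send one CLIENT-HELLO to host:port and classify the reply (does network I/O)."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            while len(data) < 65536:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
                if data[0] & 0x80 and len(data) >= 2 + (((data[0] & 0x7F) << 8) | data[1]):
                    break  # first SSLv2 record is complete; the server now waits for us
                if data[0] == 0x15 and len(data) >= 7:
                    break  # complete TLS alert record
        except socket.timeout:
            pass  # classify whatever arrived before the server went quiet
    return parse_server_response(data)


def certificate_fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def drown_exposure(sslv2_findings: dict, tls_pems: dict) -> dict:
    """Map each TLS endpoint to the SSLv2-enabled endpoints presenting the same certificate.
    sslv2_findings: endpoint -> parse_server_response() result
    tls_pems:       endpoint -> PEM certificate, e.g. from ssl.get_server_certificate()"""
    oracles = {}
    for endpoint, finding in sslv2_findings.items():
        if finding.get("sslv2"):
            oracles.setdefault(certificate_fingerprint(finding["certificate_der"]), []).append(endpoint)
    exposed = {}
    for endpoint, pem in tls_pems.items():
        fp = certificate_fingerprint(ssl.PEM_cert_to_DER_cert(pem))
        if fp in oracles:
            exposed[endpoint] = oracles[fp]
    return exposed


# Constructed sample data (not captured from a real server): a SERVER-HELLO carrying a
# placeholder 8-byte "certificate" and two cipher kinds, one of them export grade.
SAMPLE_CERT_DER = b"\x30\x06\x02\x01\x01\x02\x01\x02"
SAMPLE_SERVER_HELLO = (
    b"\x80\x29"                      # record header: body length 41
    + b"\x04\x00\x01\x00\x02"        # SERVER-HELLO, no session hit, X.509 cert, version 2
    + struct.pack(">HHH", len(SAMPLE_CERT_DER), 6, 16)
    + SAMPLE_CERT_DER
    + b"\x01\x00\x80\x02\x00\x80"    # RC4_128_WITH_MD5, RC4_128_EXPORT40_WITH_MD5
    + b"\x11" * 16                   # connection id
)
SAMPLE_TLS_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_CERT_DER).decode()
                  + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    import sys
    # Usage: python drown_check.py legacy.example.com:465 www.example.com:443 ...
    targets = [(h.rsplit(":", 1)[0], int(h.rsplit(":", 1)[1])) for h in sys.argv[1:]]
    findings = {f"{h}:{p}": probe_sslv2(h, p) for h, p in targets}
    pems = {f"{h}:{p}": ssl.get_server_certificate((h, p)) for h, p in targets}
    for ep, f in findings.items():
        print(ep, f["reason"], f.get("export_ciphers", ""))
    print("TLS endpoints exposed through an SSLv2 oracle:", drown_exposure(findings, pems))
```

Run it against every host and port that presents a given certificate, not only the web front end: the exposure report is only as complete as the list of endpoints probed, and a single forgotten SMTPS or IMAPS listener with SSLv2 enabled is enough to expose the key. Whole-certificate fingerprints are a conservative indicator; two different certificates can still carry the same RSA key, so a clean result here does not replace an inventory of where each private key file is deployed.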
Also, a whitepaper by Akamai's Security Intelligence Research Team reports that the IKE/IKEv2 protocols can be abused for network amplification attacks. No specific implementation vulnerability is reported, but the protocols may be leveraged to carry out reflection-based DDoS attacks, since a small request sent to a VPN gateway with a spoofed source address draws a larger reply to the spoofed address (B. Brenner et al, 2016). There is no current fix, only mitigation techniques such as egress filtering of packets with spoofed source addresses, which may help to limit attacks that rely on source IP spoofing (G. Wassermann, 2016 Mar. 4).
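As an added example of the monitoring side of the IKE issue (not from the Akamai paper or the CERT note): a small detector over flow records, of the kind a firewall or NetFlow collector exports, that flags source addresses which send many IKE requests to a gateway within one window and receive back more bytes than they sent. When the gateway is being used as a reflector, that source address is the spoofed victim, so the output is a list of who is being attacked through you. The gateway address, the record layout, the thresholds and the flow records themselves are assumptions constructed for the example.

```python
from collections import defaultdict

GATEWAY = "192.0.2.1"      # assumed address of the IKE responder being monitored
IKE_PORTS = {500, 4500}    # IKE and IKE over NAT-T

# Constructed flow records, one per UDP datagram seen at the gateway (not a real capture):
# (seconds, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = (
    # 50 small requests "from" 203.0.113.10 in under a second ...
    [(t * 0.02, "203.0.113.10", 500, GATEWAY, 500, 96) for t in range(50)]
    # ... each answered with a much larger reply sent to that (spoofed) address
    + [(t * 0.02 + 0.001, GATEWAY, 500, "203.0.113.10", 500, 384) for t in range(50)]
    # a normal peer: two exchanges, no sustained request rate
    + [(3.0, "198.51.100.7", 500, GATEWAY, 500, 96),
       (3.001, GATEWAY, 500, "198.51.100.7", 500, 384),
       (3.5, "198.51.100.7", 500, GATEWAY, 500, 220),
       (3.501, GATEWAY, 500, "198.51.100.7", 500, 180)]
)


def find_reflection_victims(flows, window_s=10.0, min_requests=20, min_ratio=1.5):
    """Flag sources that send at least min_requests IKE datagrams to the gateway in one
    window and get back at least min_ratio times the bytes they sent: the signature of
    the gateway reflecting and amplifying traffic toward that address."""
    req_count = defaultdict(int)
    req_bytes = defaultdict(int)
    resp_bytes = defaultdict(int)
    for t, src, sport, dst, dport, nbytes in flows:
        bucket = int(t // window_s)
        if dst == GATEWAY and dport in IKE_PORTS:
            req_count[(bucket, src)] += 1
            req_bytes[(bucket, src)] += nbytes
        elif src == GATEWAY and sport in IKE_PORTS:
            resp_bytes[(bucket, dst)] += nbytes
    findings = []
    for key, count in sorted(req_count.items()):
        if count < min_requests or req_bytes[key] == 0:
            continue
        ratio = resp_bytes[key] / req_bytes[key]
        if ratio >= min_ratio:
            findings.append({"window": key[0], "victim": key[1],
                             "requests": count, "amplification": round(ratio, 2)})
    return findings


if __name__ == "__main__":
    for finding in find_reflection_victims(SAMPLE_FLOWS):
        print(finding)
```

Tune `min_requests` to the gateway's real peer population: a site-to-site tunnel renegotiates rarely, so tens of IKE_SA_INIT requests from one address in ten seconds is already anomalous, while a road-warrior concentrator behind a large NAT may legitimately see many. Pair the detector with the egress filtering mentioned above; the detector tells you that you are being used as a reflector, the filtering keeps your own network from sourcing the spoofed requests.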
References:
N. Aviram et al. (2016 Mar. 1). “The DROWN Attack”. CycleSEC. Retrieved from https://drownattack.com/ on Mar. 7, 2016.
G. Wassermann. (2016 Mar. 4). “Vulnerability Note VU#419128: IKE/IKEv2 protocol implementations may allow network amplification attacks”. US-CERT. Retrieved from http://www.kb.cert.org/vuls/id/419128 on Mar. 8, 2016.
G. Wassermann. (2016 Mar. 7). “Vulnerability Note VU#583776: Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack”. US-CERT. Retrieved from https://www.kb.cert.org/vuls/id/583776 on Mar. 7, 2016.
B. Brenner et al. (2016 Feb. 25). “WHITE PAPER: IKE/IKEv2: ripe for DDoS abuse”. Akamai Security Intelligence Research Team. Retrieved from https://community.akamai.com/docs/DOC-5289 on Mar. 8, 2016.