Personal tools

AusCERT Conference

The annual AusCERT conference is Australia's best cyber security event for anyone with an interest in cyber and information security.

AusCERT PKI certificate service

The AusCERT Certificate Service offers PKI certificates for people, servers and software for Australian and New Zealand education and research organisations.

AusCERT Vision & Mission Statement

AusCERT is the trusted cyber emergency response team for the Australian information economy, providing valued incident prevention and detection.

How to not DROWN

What you should know about the DROWN vulnerability.

DROWN (Decrypting RSA using Obsolete and Weakened eNcryption) is a vulnerability that makes it possible to compromise a TLS HTTPS connection by using a server supporting SSLv2 and EXPORT cipher suites. It allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key. This means that communications can be decrypted and read by an attacker on any affected HTTPS service. There's nothing that can be done at the client side as it's the server that is affected.

So, if your server is configured with SSLv2 enabled, you’re vulnerable to this attack. If it's not, but you’ve reused its private RSA key on another host that is running SSLv2 (even if it’s a different certificate, or different protocol like a mail server), communications with your non-SSLv2 server are at risk. OpenSSL was updated this week to address CVE-2016-0800 and explicitly remove support for SSLv2. The solution is to disable SSLv2 on every server you control and patch OpenSSL:

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

The DROWN researchers estimate that, with key reuse accounted for, 33% of all HTTPS servers are at risk. To repeat: your HTTPS server need not be running SSLv2 to be compromised - if another host on your network shares the RSA private key and enables SSLv2, your HTTPS server is vulnerable.

According to the DROWN researchers, two OpenSSL implementation vulnerabilities make DROWN worse. CVE-2015-3197, which affected OpenSSL versions prior to 1.0.2f and 1.0.1r, allows a DROWN attacker to connect to an SSLv2-enabled server with disabled SSLv2 ciphersuites. CVE-2016-0703, which affected OpenSSL versions prior to 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf, greatly reduces the time and cost of carrying out the DROWN attack. Researchers were able to execute the attack against servers vulnerable to CVE-2016-0703 in under a minute using a single PC. Although there is no evidence that attacks have occurred previously, now that this information is public attacks are likely to occur, so sites should take steps to mitigate the vulnerability now.

The AusCERT Security Bulletin is at https://www.auscert.org.au/31774. As a service to its members, AusCERT advised them, last Friday, about any vulnerable servers at their sites. To find out if you are vulnerable to DROWN, visit https://test.drownattack.com/ and for information about DROWN visit https://drownattack.com/. To check servers manually for SSLv2 support, nmap has a script available at https://nmap.org/nsedoc/scripts/sslv2.html.