The DROWN attack, standing for "Decrypting RSA with Obsolete and Weakened eNcryption," represents a significant threat in the realm of cybersecurity. It is a cross-protocol vulnerability affecting servers that use the current SSLv3/TLS protocols while still maintaining support for the outdated and insecure SSLv2 protocol. The attack allows adversaries to exploit weaknesses in SSLv2 to compromise connections that would otherwise be secure under the more current protocols.
According to researchers, the DROWN attack is particularly concerning because any server that shares public key credentials between these two protocols is susceptible. "If the same public key certificate is used on a different server that supports SSLv2, the TLS server is also vulnerable due to the SSLv2 server leaking key information that can be used against the TLS server," said Nimrod Aviram, one of the researchers who discovered the vulnerability.
The ramifications of this vulnerability became clear in March 2016, when its full details were revealed alongside a patch that disabled SSLv2 in OpenSSL. The vulnerability was officially registered with the ID CVE-2016-0800. However, Aviram cautioned that the patch alone does not fully mitigate the attack risk: "The patch alone will not be sufficient to mitigate the attack if the certificate can be found on another SSLv2 host."

By the Numbers
An eye-opening estimate from the research team indicated that as of March 1, 2016, approximately 33% of all HTTPS sites were at risk due to DROWN. This statistic highlighted the widespread nature of the problem.
DROWN exploits not only specific software bugs but also the way server protocols are configured. As stated in the findings, “The exploit cannot be fixed by making changes to client software such as web browsers.” Instead, DROWN operates by mounting a chosen-ciphertext attack that uses an SSLv2 server as a Bleichenbacher oracle. This technique abuses the RSA key exchange to expose sensitive information.
Further elucidating the technical mechanics of the attack, researchers explained, "SSLv2 worked by encrypting the master secret directly using RSA, and 40-bit export ciphersuites only encrypted 40 bits of the master secret while exposing 88 bits as plaintext." The process of breaking the encryption requires considerable computational resources but can be executed at relatively low cost. “A successful attack will provide the session key for a captured TLS handshake,” they added.
An intriguing development was the identification of a specific weakness in the OpenSSL implementation of SSLv2, leading to what researchers termed a ‘special DROWN attack.’ This variation significantly lessened the computational effort needed to break the encryption and opened the door for real-time man-in-the-middle exploits. “This vastly reduced the effort required to break the encryption,” said Sebastian Schinzel, the co-investigator of the study.

Until 2015, the OpenSSL implementation had some glaring deficiencies, such as not validating that the clear-key and encrypted-key lengths were correct for the negotiated cipher. Because of this omission, as few as 8 bits of the master secret could remain protected, an exposure that was clearly not acceptable.
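As an added illustration, not taken from the article or from OpenSSL, the following Python models the SSLv2 CLIENT-MASTER-KEY length check discussed above. The cipher-kind table and message layout follow the SSL 2.0 specification, the 11-byte clear-key length for export-40 suites corresponds to the 40 encrypted / 88 plaintext bits quoted earlier, and the sample messages are constructed with placeholder key bytes.

```python
import struct

# SSLv2 CIPHER-KIND (3 bytes) -> (name, master key bytes, expected CLEAR-KEY-LENGTH).
# Export-40 suites RSA-encrypt only 5 bytes (40 bits) of a 16-byte master key and send
# the other 11 bytes (88 bits) in the clear; non-export suites send no clear-key bytes.
SSLV2_CIPHERS = {
    bytes.fromhex("010080"): ("SSL_CK_RC4_128_WITH_MD5", 16, 0),
    bytes.fromhex("020080"): ("SSL_CK_RC4_128_EXPORT40_WITH_MD5", 16, 11),
    bytes.fromhex("030080"): ("SSL_CK_RC2_128_CBC_WITH_MD5", 16, 0),
    bytes.fromhex("040080"): ("SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", 16, 11),
    bytes.fromhex("050080"): ("SSL_CK_IDEA_128_CBC_WITH_MD5", 16, 0),
    bytes.fromhex("060040"): ("SSL_CK_DES_64_CBC_WITH_MD5", 8, 0),
    bytes.fromhex("0700c0"): ("SSL_CK_DES_192_EDE3_CBC_WITH_MD5", 24, 0),
}
MSG_CLIENT_MASTER_KEY = 2

def parse_client_master_key(body):
    """Parse a CLIENT-MASTER-KEY body (record header stripped): type, cipher[3], 3 lengths, data."""
    if len(body) < 10 or body[0] != MSG_CLIENT_MASTER_KEY:
        raise ValueError("not a CLIENT-MASTER-KEY message")
    clear_len, enc_len, arg_len = struct.unpack(">HHH", body[4:10])
    if len(body) != 10 + clear_len + enc_len + arg_len:
        raise ValueError("length fields do not match message size")
    return {"cipher": body[1:4], "clear_len": clear_len, "enc_len": enc_len}

def secret_bits_remaining(msg):
    """Master-key bits still protected by RSA if the peer's lengths are accepted as sent."""
    _, key_len, _ = SSLV2_CIPHERS[msg["cipher"]]
    return 8 * max(key_len - msg["clear_len"], 0)

def validate_key_lengths(msg):
    """The check pre-2015 OpenSSL lacked: CLEAR-KEY-LENGTH must match the negotiated cipher."""
    entry = SSLV2_CIPHERS.get(msg["cipher"])
    if entry is None:
        return False, "unknown cipher kind"
    name, _, expected_clear = entry
    if msg["clear_len"] != expected_clear:
        return False, f"{name}: clear-key length {msg['clear_len']}, expected {expected_clear}"
    return True, f"{name}: clear-key length {expected_clear} as specified"

def build_client_master_key(cipher, clear_len, enc_len=128):
    """Constructed sample message with placeholder key bytes (not captured traffic)."""
    header = bytes([MSG_CLIENT_MASTER_KEY]) + cipher + struct.pack(">HHH", clear_len, enc_len, 0)
    return header + b"\x00" * (clear_len + enc_len)

if __name__ == "__main__":
    export40 = bytes.fromhex("020080")
    for clear_len in (11, 15):  # 15 leaves a single byte (8 bits) of the master key secret
        msg = parse_client_master_key(build_client_master_key(export40, clear_len))
        print(clear_len, secret_bits_remaining(msg), validate_key_lengths(msg))
```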
Summarizing defense strategies, Aviram advised, "To protect against DROWN, server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections." It is crucial for web servers, SMTP servers, and related infrastructures to phase out SSLv2 support altogether.
Looking Ahead
As the cybersecurity landscape evolves, DROWN serves as a reminder of the complexities involved in maintaining robust security measures. The continued awareness and education around such vulnerabilities are essential in preventing future exploits, ensuring a safer web environment for users globally. Ultimately, the DROWN vulnerability encapsulates the risks posed by obsolete protocols in a rapidly advancing technological world.

