- February 24, 2022: Instead of the Diligence page, use the Findings page.
- March 1, 2016: Published.
The Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) vulnerability allows attackers to eavesdrop on encrypted connections with servers that still support SSLv2.
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle [CVE-2016-0800].
Search for “SSLv2” in the Findings page to get DROWN-related findings.