SSL DROWN Vulnerability Scanner
Check your SSL/TLS configuration for DROWN vulnerability. Ensure SSLv2 is disabled and your server uses modern encryption protocols.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 20 seconds
Time Interval: 1 month 4 days
Scan only one: Domain, IPv4, Subdomain
What is SSL DROWN Vulnerability?
SSL DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a critical vulnerability that exploits outdated SSL/TLS protocols, specifically SSLv2, to decrypt secure communications. Servers supporting SSLv2, even indirectly, are susceptible to this attack, putting encrypted traffic, such as passwords and sensitive user data, at risk.
The attack involves intercepting encrypted traffic and leveraging weaknesses in SSLv2 to decrypt RSA keys. Once these keys are compromised, an attacker can decrypt secure connections using those keys. DROWN is particularly dangerous because it can affect servers even if SSLv2 is enabled on a different service using the same certificate.
Mitigations include disabling SSLv2 entirely, ensuring secure configurations for SSL/TLS, and using modern protocols like TLS 1.2 or TLS 1.3. Additionally, certificates shared across multiple services should be carefully managed to avoid indirect exposure.
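The indirect exposure described above can be audited from an asset inventory. The following is an added example, not code from this scanner or the original page: it groups endpoints by certificate and flags every endpoint whose certificate is also served by an SSLv2-enabled service. The inventory layout, hostnames and fingerprints are constructed sample values, and the function name drown_exposure is hypothetical.

```python
from collections import defaultdict

# Constructed inventory: (host, port, certificate fingerprint, protocols offered).
# Hostnames and fingerprints are made-up sample values, not real scan output.
INVENTORY = [
    ("www.example.test", 443, "fp-A", {"TLSv1.2", "TLSv1.3"}),
    ("mail.example.test", 25, "fp-A", {"SSLv2", "TLSv1.0"}),
    ("api.example.test", 443, "fp-B", {"TLSv1.2"}),
    ("legacy.example.test", 443, "fp-C", {"SSLv2", "SSLv3"}),
]


def drown_exposure(inventory):
    """Return {endpoint: reason} for endpoints exposed directly or via a shared certificate."""
    # Group endpoints by the certificate they present.
    by_cert = defaultdict(list)
    for host, port, fingerprint, protocols in inventory:
        by_cert[fingerprint].append((host, port, protocols))

    findings = {}
    for endpoints in by_cert.values():
        # Endpoints in this group that still accept SSLv2.
        sslv2 = [f"{h}:{p}" for h, p, protos in endpoints if "SSLv2" in protos]
        if not sslv2:
            continue  # no SSLv2 anywhere on this certificate
        for host, port, protocols in endpoints:
            name = f"{host}:{port}"
            if "SSLv2" in protocols:
                findings[name] = "direct: SSLv2 enabled"
            else:
                # A modern-only endpoint is still exposed through its siblings.
                findings[name] = "indirect: certificate shared with " + ", ".join(sslv2)
    return findings


if __name__ == "__main__":
    for endpoint, reason in sorted(drown_exposure(INVENTORY).items()):
        print(f"{endpoint:28} {reason}")
```

The fix for an indirect finding is on the SSLv2-enabled sibling (disable SSLv2 there or give it its own certificate), not on the flagged TLS-only endpoint.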