
DROWN: yet another SSL vulnerability

Posted on 03/23/2016, by Santiago González (INCIBE)

What is DROWN?

DROWN is the name given to a new vulnerability in SSL/TLS. It is therefore a continuation of the trend seen in recent years, in which a series of vulnerabilities affecting the security of Internet communications have appeared, for example Heartbleed, POODLE, WinShock, FREAK or Logjam, among others.

The acronym DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption, and refers to an attack that can lead to the decryption of secure communications made using the TLS protocol between a client and a vulnerable server. It exploits security faults in the SSLv2 protocol, specifically in the RSA key exchange. A server is vulnerable to DROWN if it supports SSLv2, or if it does not explicitly support SSLv2 but shares private encryption keys with another server that does.

To decrypt communications, the attacker needs to intercept several hundred secure connections between the victim and the server. Then, by sending specially crafted packets to the vulnerable server that supports SSLv2 and observing the responses received, the attacker can infer information about the keys used in the connection and potentially decrypt the communication. While the computational cost of these operations is relatively high, the researchers who discovered the vulnerability estimate that the attack could be carried out in around 8 hours at a cost of around $440 using Amazon EC2 infrastructure.

This situation is made worse by the existence of a fault in specific versions of OpenSSL, one of the most widely used implementations, which allows the attack to be carried out at a much lower computational cost. Specifically, this variant of the attack can be carried out in less than a minute on a modern desktop machine.

Mitigation measures involve completely removing SSLv2 support from any server with any service exposed to the Internet. The latest versions of the most widely used technology disable the use of this protocol by default, meaning the first recommendation would be to update all systems. Even so, it would be useful to check that SSLv2 has not been explicitly enabled for any service. The web page for the vulnerability makes tools available to the community to diagnose whether their domain is vulnerable: https://drownattack.com/#check. Since it concerns a problem with the server, there are no practical measures that can be taken at the client end.
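The check recommended above (confirming that SSLv2 is not accepted by any exposed service) can be scripted without relying on a third-party website. The following is an added example written for this post; it is not INCIBE's code nor the checker published at drownattack.com. It builds a minimal SSLv2 CLIENT-HELLO following the SSL 2.0 record layout, sends it to a host of your own, and classifies the first bytes that come back: an SSLv2 SERVER-HELLO means the protocol is still enabled, a TLS alert or a closed connection means it was refused. The two sample replies at the bottom are constructed by hand (the "certificate" is a placeholder) so that the classifier can be exercised offline.

```python
"""SSLv2 support check (added example, not the original post's code)."""
import os
import socket
import struct
import sys

SSLV2_CLIENT_HELLO = 0x01
SSLV2_SERVER_HELLO = 0x04
TLS_ALERT = 0x15

# The seven SSLv2 cipher kinds (3 bytes each), including the 40-bit
# export-grade ones. We offer all of them and look at which the server echoes.
SSLV2_CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}


def build_sslv2_client_hello(challenge=None):
    """Return an SSLv2 CLIENT-HELLO record offering every SSLv2 cipher kind."""
    challenge = challenge or os.urandom(16)
    cipher_specs = b"".join(SSLV2_CIPHER_KINDS)
    body = struct.pack(
        "!BHHHH",
        SSLV2_CLIENT_HELLO,
        0x0002,             # CLIENT-VERSION: SSL 2.0
        len(cipher_specs),  # CIPHER-SPECS-LENGTH
        0,                  # SESSION-ID-LENGTH: no resumption
        len(challenge),     # CHALLENGE-LENGTH
    ) + cipher_specs + challenge
    # 2-byte SSLv2 record header: high bit set = no padding, low 15 bits = length.
    return struct.pack("!H", 0x8000 | len(body)) + body


def classify_response(data):
    """Classify the first bytes a server returned after our CLIENT-HELLO.

    Returns (verdict, details) with verdict 'sslv2' (SSLv2 enabled, DROWN
    exposure), 'refused' (TLS alert or closed connection) or 'unknown'.
    """
    if not data:
        return "refused", "connection closed without a response"
    if data[0] == TLS_ALERT and len(data) >= 7:
        return "refused", "TLS alert, description %d" % data[6]
    if len(data) < 13 or not data[0] & 0x80 or data[2] != SSLV2_SERVER_HELLO:
        return "unknown", "unrecognised response"
    # SERVER-HELLO after the 2-byte header: msg_type(1) session_id_hit(1)
    # cert_type(1) version(2) cert_len(2) specs_len(2) conn_id_len(2)
    # certificate, cipher specs, connection id.
    version, cert_len, specs_len = struct.unpack("!HHH", data[5:11])
    if version != 0x0002:
        return "unknown", "SERVER-HELLO with version 0x%04x" % version
    specs = data[13 + cert_len:13 + cert_len + specs_len]
    names = [SSLV2_CIPHER_KINDS.get(specs[i:i + 3], specs[i:i + 3].hex())
             for i in range(0, len(specs), 3)]
    return "sslv2", names


def check_host(host, port=443, timeout=5.0):
    """Connect to one of your own servers and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv2_client_hello())
        try:
            data = sock.recv(4096)
        except socket.timeout:
            data = b""
    return classify_response(data)


# Constructed sample replies for offline testing (not captured from any server).
SAMPLE_SSLV2_SERVER_HELLO = (
    b"\x80\x25"                    # record header: 37-byte body, no padding
    + b"\x04\x00\x01"              # SERVER-HELLO, no session hit, X.509 cert
    + b"\x00\x02"                  # SERVER-VERSION: SSL 2.0
    + b"\x00\x04\x00\x06\x00\x10"  # cert_len=4, specs_len=6, conn_id_len=16
    + b"\xde\xad\xbe\xef"          # placeholder "certificate" bytes
    + b"\x02\x00\x80\x04\x00\x80"  # two export-grade cipher kinds echoed back
    + b"\x00" * 16                 # connection id
)
SAMPLE_TLS_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"  # fatal protocol_version (70)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(target, check_host(target))
```

A "refused" verdict on port 443 is not the end of the check: as the post notes, a server is also exposed when its RSA key is shared with another service that still speaks SSLv2, so the same probe should be run against every port (mail, IMAP, and so on) that presents the same certificate.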

Exposure of websites belonging to Spanish domains

In order to be able to measure in some way the potential impact of this and other related vulnerabilities on Spanish domains, statistical analysis has been run on registered .es domains for the following vulnerabilities: Heartbleed, POODLE, WinShock, FREAK, LogJam and DROWN.

The analysis provided the following overall information:

Percentage of Spanish websites affected by SSL/TLS vulnerabilities


Among sites that use SSL/TLS, the percentage affected by at least one of the above vulnerabilities is moderate (below 50%).

Looking specifically at sites that use SSL, and breaking down the percentage of affected sites by vulnerability, it is apparent that the vulnerability which occurs most often is not the most recent one: it is POODLE, published in October 2014, with DROWN in second place.

Spanish websites using vulnerable SSL. Percentage affected by each vulnerability (March 2016)


Trend in SSL-related vulnerabilities in Spanish domains

In addition to knowing the current number of websites using SSL, it is also interesting to observe the change over time for the vulnerabilities analysed in the websites using SSL.

Change in the percentage of Spanish websites affected by each vulnerability: websites that support SSL


The trend for each of the vulnerabilities is as follows:

  • Heartbleed: the percentage of sites affected remains constant in a fairly low range, at around 1% of sites that support SSL.
  • POODLE: in recent months, a meaningful rise has been observed in the number of sites supporting SSL that are affected by POODLE. A possible explanation for this rise is that servers that used to support SSLv2 have migrated to SSLv3 in recent months.
  • WinShock: the percentage of sites affected remains constant in a low range, at around 4% of sites that support SSL.
  • FREAK: the percentage of sites affected remains between 2% and 4% of sites that support SSL.
  • Logjam: the percentage of sites vulnerable to Logjam has fallen significantly to 12%, which is understandable given the fact that the initial data was recorded when the vulnerability was published.
  • DROWN: the percentage of sites affected is fairly low given that it is a recent vulnerability.

Considering all websites analysed (that is, including those that do not use SSL and therefore are not affected by these vulnerabilities), the trend in the overall percentage of affected websites is as follows:

Change in the percentage of Spanish websites affected by each vulnerability: all websites


As can be seen, all the vulnerabilities currently affect fewer than 15% of the sites analysed, with POODLE being the vulnerability most often identified (around 13.5% of all sites analysed).

Closing Remarks

Once more, the appearance of DROWN demonstrates that the simple fact of allowing communications with obsolete protocols such as SSLv2 is a security risk, even though in practice no client or browser uses it. The percentage of sites affected by this vulnerability in Spain is fairly low (fewer than 5% of all websites), indicating that in most cases SSLv2 support in servers has already been disabled. Even so, the rise in the percentage of sites affected by POODLE suggests that the same measures have not been taken for SSLv3, or that some servers that used to support SSLv2 have migrated to support SSLv3.

As always, the Security and Industry CERT operated by INCIBE suggests that products be kept updated and that best practices be applied to system configurations. This is recommended in order to avoid being affected by these vulnerabilities as well as others that may emerge in the future.