DROWN Attack – SSLv2 Vulnerability

Security researchers identified a new OpenSSL vulnerability, called DROWN (Decrypting RSA with Obsolete and Weakened Encryption), in March 2016. The attack targets servers that use the more secure TLS protocol but also support the obsolete SSLv2. It allows an attacker to decrypt TLS-encrypted communication if the server supports SSLv2 ciphers.

DROWN was assigned the id CVE-2016-0800 by US-CERT in March (https://www.us-cert.gov/ncas/bulletins/SB16-067).

More than 11 million websites that use TLS were vulnerable to the DROWN attack. If your website is protected by TLS and your server directly or indirectly supports the older SSLv2, you are also vulnerable, and an attacker may exploit it to obtain important information such as user names, passwords, financial credentials, important documents, etc.

Are You Vulnerable to DROWN?

You can use the tool SSLyze to find out whether you are open to DROWN attackers. SSLyze is an SSL scanning tool that scans the specified port on the specified IP to detect whether SSLv2 ciphers are supported. The SSLyze tool can be downloaded and installed directly from https://pypi.python.org/pypi/SSLyze

Syntax: sslyze_cli.py --sslv2 ip:port

You have to execute the command for each public IP and port combination, that is, for every open port that uses the TLS protocol.

For a secure server, executing the command

Syntax: sslyze_cli.py --sslv2 ip:port

may produce results like:

SCAN RESULTS FOR 192.168.0.xx:443
——————————————————
* SSLV2 Cipher Suites:
Rejected:
TLS_RSA_WITH_NULL_MD5 TCP / Received RST
SSL_CK_RC4_64_WITH_MD5 TCP / Received RST
SSL_CK_RC4_128_WITH_MD5 TCP / Received RST
SSL_CK_RC4_128_EXPORT40_WITH_MD5 TCP / Received RST
SSL_CK_RC2_128_CBC_WITH_MD5 TCP / Received RST
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 TCP / Received RST
SSL_CK_IDEA_128_CBC_WITH_MD5 TCP / Received RST
SSL_CK_DES_64_CBC_WITH_MD5 TCP / Received RST
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 TCP / Received RST

This indicates that all SSLv2 requests were rejected.

On the other hand, if the server is vulnerable, it may produce something like:

SCAN RESULTS FOR 192.168.0.xx:443
————————————————–
* SSLV2 Cipher Suites:
Preferred:
SSL_CK_RC2_128_CBC_WITH_MD5 – 128 bits
Accepted:
SSL_CK_RC4_128_WITH_MD5 – 128 bits
SSL_CK_RC2_128_CBC_WITH_MD5 – 128 bits
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 – 112 bits
SSL_CK_DES_64_CBC_WITH_MD5 – 56 bits
SSL_CK_RC4_128_EXPORT40_WITH_MD5 – 40 bits
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 – 40 bits

This has to be checked on every open port on the server that uses the TLS protocol, which may include 465 (SSL – SMTP), 993 (SSL – IMAP), 995 (SSL – POP3), etc. If any of these ports on the server has SSLv2 enabled, then the server is vulnerable to DROWN.

Who Else Is Vulnerable?

If the above scan detects SSLv2 enabled for any service, then the server is vulnerable. In addition, all servers that share a private key – certificate pair with your server are also vulnerable to the DROWN attack.
This means a web server secured with TLS, with SSLv2 not enabled for any service, may still become vulnerable to DROWN if a mail server that shares the same certificate-key pair has SSLv2 ciphers enabled.
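
The shared-key rule above, as an added example (not part of the original article or of SSLyze): it parses scan output in the format shown earlier and flags endpoints that reject SSLv2 themselves but share a key with an endpoint that accepts it. The addresses, the key labels and the KEY_OF inventory are constructed for illustration.

```python
import re

# Constructed sample in the SSLyze output format shown above (not real scan data).
SCAN_OUTPUT = """\
SCAN RESULTS FOR 192.0.2.10:443
* SSLV2 Cipher Suites:
Rejected:
SSL_CK_RC4_128_WITH_MD5 TCP / Received RST
SCAN RESULTS FOR 192.0.2.20:465
* SSLV2 Cipher Suites:
Preferred:
SSL_CK_RC2_128_CBC_WITH_MD5 - 128 bits
Accepted:
SSL_CK_RC4_128_WITH_MD5 - 128 bits
SCAN RESULTS FOR 192.0.2.30:993
* SSLV2 Cipher Suites:
Rejected:
SSL_CK_RC4_128_WITH_MD5 TCP / Received RST
"""
# Constructed inventory (assumption): endpoint -> label of the key/certificate pair it serves.
KEY_OF = {"192.0.2.10:443": "key-A", "192.0.2.20:465": "key-A",
          "192.0.2.30:993": "key-B"}

def sslv2_accepted(report):
    """Return {endpoint: set of SSLv2 ciphers the endpoint accepted}."""
    accepted, target, in_sslv2, section = {}, None, False, None
    for line in (raw.strip() for raw in report.splitlines()):
        m = re.match(r"SCAN RESULTS FOR (\S+)", line)
        if m:
            target, in_sslv2, section = m.group(1), False, None
            accepted[target] = set()
        elif line.startswith("*"):      # protocol header, e.g. "* SSLV2 Cipher Suites:"
            in_sslv2, section = "SSLV2" in line.upper(), None
        elif line.endswith(":"):        # "Preferred:", "Accepted:", "Rejected:"
            section = line[:-1]
        elif line and target and in_sslv2 and section in ("Preferred", "Accepted"):
            accepted[target].add(line.split()[0])
    return accepted

def drown_exposure(report, key_of):
    """Split endpoints into directly exposed and exposed through a shared key."""
    accepted = sslv2_accepted(report)
    direct = {t for t, ciphers in accepted.items() if ciphers}
    exposed_keys = {key_of[t] for t in direct if t in key_of}
    shared = {t for t, key in key_of.items() if key in exposed_keys} - direct
    return direct, shared

if __name__ == "__main__":
    print(drown_exposure(SCAN_OUTPUT, KEY_OF))
```

Endpoints in the second set need a new key and certificate, or SSLv2 disabled on every server sharing the key, even though their own scan looks clean.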


How To Secure Server From DROWN Vulnerability?

To protect servers from the DROWN vulnerability, SSLv2 has to be completely disabled on all servers and services. At the same time, the private key – certificate pair should not be shared with any other server (SMTP, IMAP, POP3, etc.) that has SSLv2 enabled.

Securing a Linux Server From DROWN attack:

This can be accomplished in different ways, of which the two easiest and most effective methods are:

I. Update OpenSSL

Update OpenSSL to version 1.0.1s or 1.0.2g. That is, OpenSSL 1.0.1 should be updated to 1.0.1s and, similarly, OpenSSL 1.0.2 to 1.0.2g.

On CentOS and Red Hat servers, this can be done using yum:

# yum update openssl

On Ubuntu and Debian servers:

# apt-get install --only-upgrade libssl1.0.0 openssl

II. Prevent DROWN by disabling SSLv2 for services

We have to disable SSLv2 manually for Apache, Postfix, Exim and other services on the server.

Disabling for Apache

We have to edit /etc/httpd/conf/httpd.conf and add the lines below to disable the obsolete SSLv2 and SSLv3 versions.

SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256
SSLHonorCipherOrder on

Disabling for Postfix

Edit the Postfix configuration file (/etc/postfix/master.cf) to contain the following configuration:

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3

Disabling for Exim

Edit the Exim configuration file (/etc/exim.conf) as follows:

ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv2:!SSLv3

If you require help, contact SupportPRO Server Admin
