We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

The DROWN Attack

32
 Cite
 Share
 Related Material
 Download
 Purchase
Logo of Chaos Computer Club e.V.Chaos Computer Club e.V.
 Schinzel, Sebastian

Formal Metadata

Title
The DROWN Attack
Subtitle
Breaking TLS using SSLv2
Title of Series
Number of Parts
147
Author
Contributors
et al.
License
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack.
Keywords