Status on the SSLv2 vulnerability known as DROWN (CVE-2016-0800)

Team XMedius -

OpenSSL recently announced (http://openssl.org/news/secadv/20160301.txt) that a new method was discovered that could easily lead an attacker to decrypt TLS sessions on a server supporting SSLv2.

 SSLv2 already had other well-known weaknesses and, as such, was previously completely disabled on the XMediusCLOUD platform, making your traffic unexposed to the DROWN attack.

The XMediusCLOUD security team.

Have more questions? Submit a request

Comments

Powered by Zendesk