A “new” and important vulnerability has been discovered that affects HTTPS and other services that rely on SSL/TLS implementations. This flaw is in the SSLv2 protocol, and affects all implementations. Researchers refer to this attack as DROWN – short for “Decrypting RSA using Obsolete and Weakened eNcryption”. This attack allows attackers to read or steal information sent via the “secure” connection. No attacks in the wild are currently known.
Read More
Search: