A new decryption attack, which researchers have dubbed DROWN (short for Decrypting RSA with Obsolete and Weakened eNcryption), is at large and puts more than 11 million websites and e-mail services protected by the Transport Layer Security protocol on the line.
The vulnerability, discovered by developers on Tuesday, has been described as a low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately. It allows attacks on TLS-protected communications that rely on the RSA cryptosystem, and those attacks can succeed when the key is exposed through SSLv2. Apparently, more than 81,000 of the top 1 million most popular Web domains are among the vulnerable HTTPS-protected sites.
“It’s pretty practical because if you know you want to target certain websites and they’re vulnerable, you can pretty much set up shop and the next thing you know you have all of these secure connections, the passwords, and everything else,”
Matt Green, a cryptography expert at Johns Hopkins University who has read the research paper, told Ars Technica.
“It’s amazing to me that we keep finding one or two of these [vulnerabilities] per year for protocols that are this old. This shouldn’t keep happening. It kind of makes me feel like we’re not doing our jobs.”
DROWN joins a series of critical bugs that have allowed attackers to breach TLS over the past five years. Other serious security loopholes discovered earlier include BEAST, CRIME, BREACH and FREAK.
TLS security has long been an issue. Problems with its encryption have surfaced repeatedly, and with last year’s Logjam making security and privacy a much bigger concern, confidence in TLS fell through the floor.
In essence, the vulnerability allows an attacker to decrypt an intercepted TLS connection by repeatedly making SSLv2 connections to a server. With each intercepted connection, the attacker retains a little more data. Contrary to common belief, the attack cannot be prevented by removing SSLv2 support from browsers and e-mail clients.
OpenSSL is the TLS implementation most exposed to DROWN. SSLv2 is not the preferred setting by default, but users often override this to accommodate specific applications. After the fix, admins cannot enable SSLv2 without explicitly declaring their intent to do so: an update to the OpenSSL cryptographic library is expected on Tuesday that will make such security-weakening settings less likely to occur.