Security researchers have discovered that one in every three HTTPS servers are being attacked by DROWN-Decrypting RSA with Obsolete and Weakened Encryption. The good news is the vulnerability was found by some Academic Researchers and so there is still time to recuperate. But the bad news is that media has spread this news like wild fire and so hackers will be attacking servers with DROWN in no time.
The problem exists because many HTTPS servers still support the old and insecure SSL (Secure Sockets Layer) version 2 protocols. SSLv2 was superseded by SSLv3 in 1996 and was replaced by TLS (Transport Layer Security) versions 220.127.116.11 and 1.2.
Security researchers say that SSLv2 should never be used for encrypted communications. But till date, security professional did not see support for it in server configurations as posing a security threat until now, because modern browsers and other TLS-capable clients wouldn’t use it.
However, all these practices are now termed to be incorrect from security point of view and that was shown in the newly released research paper by a group of researchers. The study made by them showed that if an HTTPS server supports SSLv2, an attacker can exploit it to decrypt intercepted connections from its clients even if those connections are using the latest and most secure version of the TLS protocol.
Their attack, dubbed DROWN, has several pre-requisites, but is quite practical. First of all, the targeted HTTPS server needs to either support SSLv2 itself or to share its private key with another server that does so — for example, an email server.
It’s quite common for organizations to use the same private key or certificate for TLS implementations on both Web and email servers.
Additionally, the observed connections need to use the RSA key exchange algorithm during the handshake, but this shouldn’t be a problem for hackers as RSA is still the most popular key exchange method in TLS implementations.
Once the connections have been captured, the hacker needs to connect to the server over the SSLv2 protocol and send specially crafted handshake messages that contain the RSA ciphertext copied from the client’s TLS connections. Though the process usually fails, the server response will leak info about the secret keys used for the victim’s TLS connection.
DROWN attackers need to perform roughly around 40K probe connections and 2 power 50 computations to decrypt one out of 900 observed TLS connections. The attackers will need around $440USD to run an attack on Amazon’s Ec2 Cloud computing platform. So, hackers who are investing the said amount of money will be looking for a 100% more payback from the hack. Moreover, establishing around 40,000 HTTPS connections with a server is not that hard these days, as with an Apache 2.4 server, researchers can complete around 10,000 HTPPS requests in less than 10 seconds.
They are two ways for the server admins to isolate the servers from such attacks. One is by ensuring they have disabled support for SSLv2 on the servers. The other is to check if the server supports SSLv2 and see that its private key is not reused on other servers.
According to the white paper, an estimated 25% of all HTTPS enabled websites listed on Alexa with top million traffic are vulnerable to DROWN hack. This includes popular websites like Yahoo.com, Daily motion, Flickr.com, alibaba.com etc…So, wake up guys!
To know more about DROWN attacks please read the white paper available in this link