OpenSSL DROWN Vulnerability: Detection and Repair Methods
I. Vulnerability description: Popular servers and clients use TLS encryption. The SSL and TLS protocols ensure that users can browse the Internet, shop, and send instant messages without third parties reading their traffic. The DROWN vulnerability allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card accounts, trade secrets, and financial data, through "man-in-the-middle hijacking".
II. Vulnerability impact:
Most servers that support SSLv2 are affected by this vulnerability, such as web servers and email servers with SSL and TLS encryption enabled.
III. Detection methods:
You can also use the detection tool to check:
https://github.com/nimia/public_drown_scanner
IV. Solution:
Make sure that your private key is not used by any other service that supports SSLv2, including web, SMTP, IMAP, and POP services. Disable SSLv2 support on the server. For OpenSSL, see the official OpenSSL repair guide.
https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/
For an nginx server, remove SSLv2 from the ssl_protocols directive in the nginx.conf configuration file.
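For the nginx fix above, the following added example (not part of the original article or of nginx) scans configuration text for ssl_protocols directives that still list SSLv2 and returns each one with SSLv2 removed. The sample configuration is constructed, and the check assumes each directive sits on a single line.

```python
import re

# One ssl_protocols directive up to its terminating semicolon.
# Assumption: the directive is written on a single line.
DIRECTIVE = re.compile(r"(?:^|[\s;{])ssl_protocols\s+([^;]*);")

def strip_comment(line):
    """Drop an nginx '#' comment (protocol lists never contain '#')."""
    return line.split("#", 1)[0]

def audit_ssl_protocols(conf_text):
    """Return (line_no, directive, suggested) for each directive enabling SSLv2."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        active = strip_comment(raw)
        match = DIRECTIVE.search(active)
        if not match:
            continue
        protocols = match.group(1).split()
        kept = [p for p in protocols if p.lower() != "sslv2"]
        if len(kept) == len(protocols):
            continue  # SSLv2 is not listed on this directive
        # If SSLv2 was the only entry, nothing is left to suggest:
        # the operator has to list the TLS versions explicitly.
        suggested = "ssl_protocols " + " ".join(kept) + ";" if kept else None
        findings.append((line_no, active.strip(), suggested))
    return findings

# Constructed sample configuration (not taken from the page).
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    ssl_protocols SSLv2 TLSv1 TLSv1.1 TLSv1.2;   # legacy line
    # ssl_protocols SSLv2;  (commented out, must be ignored)
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

if __name__ == "__main__":
    for line_no, directive, suggested in audit_ssl_protocols(SAMPLE_CONF):
        print("line %d: %s" % (line_no, directive))
        print("  replace with: %s" % (suggested or "<list TLS versions explicitly>"))
```

After editing the configuration, reload nginx and rerun the scanner to confirm that the SSLv2 handshake is refused.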
Example (installing and running the scanner):
[[email protected]_vm_dev46 public_drown_detail]# yum install python-virtualenv
[[email protected]_vm_dev46 public_drown_detail]# virtualenv drown
New python executable in drown/bin/python
Installing setuptools...................................................................................................done.
Installing pip......................................................................................................................done.
[[email protected]_vm_dev46 public_drown_detail]#
[[email protected]_vm_dev46 public_drown_detail]#
[[email protected]_vm_dev46 public_drown_detail]# cd drown/
[[email protected]_vm_dev46 drown]# ls
bin include lib lib64
[[email protected]_vm_dev46 drown]# ./bin/activate
-bash: ./bin/activate: Permission denied
[[email protected]_vm_dev46 drown]# . ./bin/activate
(drown) [[email protected]_vm_dev46 drown]#
(drown) [[email protected]_vm_dev46 drown]#
(drown) [[email protected]_vm_dev46 drown]# pip install enum pycrypto scapy pyasn1 scapy-ssl_tls
(drown) [[email protected]_vm_dev46 drown]# python /root/public_drown_logs/login.py www.com 443
Testing www.com on port 443.
www.com: Server is vulnerable, with cipher RC2_128_CBC_EXPORT40_WITH_MD5
www.com: Server is vulnerable, with cipher RC4_128_EXPORT40_WITH_MD5
www.com: Case 7; Symmetric key did not successfully verify on server finished message
www.com: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 7: no tls
www.com: Server is vulnerable, with cipher DES_64_CBC_WITH_MD5
(drown) [[email protected]_vm_dev46 drown]# python /root/public_drown_logs/login.py www.com 443
Testing www.com on port 443.
www.com: Case 3b; Connection reset by peer when waiting for server hello
www.com: Server is NOT vulnerable with cipher RC2_128_CBC_EXPORT40_WITH_MD5, Message: 3b: no tls
www.com: Case 3b; Connection reset by peer when waiting for server hello
www.com: Server is NOT vulnerable with cipher RC4_128_EXPORT40_WITH_MD5, Message: 3b: no tls
www.com: Case 3b; Connection reset by peer when waiting for server hello
www.com: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 3b: no tls
www.com: Case 3b; Connection reset by peer when waiting for server hello
www.com: Server is NOT vulnerable with cipher DES_64_CBC_WITH_MD5, Message: 3b: no tls