Feedly:TrendLabs Security Intelligence Blog. DROWN SSLv2 Vulnerability Rears Ugly Head, Puts One-Third of HTTPS Servers At Risk

from TrendLabs Security Intelligence Blog

A "new" and important vulnerability has been discovered that affects HTTPS and other services that rely on SSL/TLS implementations. This flaw is in the SSLv2 protocol, and affects all implementations. Researchers refer to this attack as DROWN - short for "Decrypting RSA using Obsolete and Weakened eNcryption". This attack allows attackers to read or steal information sent via the "secure" connection. No attacks in the wild are currently known.