March 2, 2016 (updated 5 Sep 2016, 8:05am)

11 million HTTPS websites at risk of DROWN SSL vulnerability

News: Some of the world's most popular websites at risk.

By Charlotte Henry

An international group of researchers has disclosed a previously unknown vulnerability, called DROWN, that undermines the security of HTTPS.

The researchers say the attack is "a novel cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients by using a server supporting SSLv2 as a Bleichenbacher RSA padding oracle."

The attack decrypts sensitive communications in hours at relatively low cost, and against some server configurations it can be completed almost immediately.

The researchers have compiled their findings on a website that accompanies the academic paper, where they list many popular sites that were found to be vulnerable.

They say that attacks could intercept "any communication between users and the server". This could include data such as usernames and passwords and credit card numbers, as well as messages such as emails, instant messages, and sensitive documents.

The attack targets TLS connections that use RSA key exchange. It works when the server's RSA private key is also used by a server that still accepts SSLv2 connections, even if that is a different service or a different host. The researchers also "discovered multiple implementation flaws in commonly deployed OpenSSL versions that allow an extremely efficient and much more dangerous instantiation of this attack."

After discovering the flaws in the cryptographic library, the team worked with the OpenSSL project, and an OpenSSL update that disables SSLv2 by default was issued alongside the disclosure.


SSLv2, the protocol version the attack relies on, was released in 1995 and was formally prohibited by the IETF in 2011 (RFC 6176), yet many servers still accept it. That lingering support leaves millions of websites open to attack.

In the academic paper, the researchers said that "We found that 11.5 million (33%) HTTPS servers are vulnerable to our attacks, because many HTTPS servers that do not directly offer SSLv2 share RSA keys with other services that do."
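The practical check that follows from the two preceding paragraphs is whether any service using a given RSA key still answers SSLv2. The script below is an added example written for this page; it is not code from the article or from the DROWN researchers. It builds a raw SSLv2 ClientHello, sends it to a host, and parses the SSLv2 ServerHello if one comes back. A server that answers at all puts every TLS endpoint sharing its RSA key at risk, and the general attack in the paper additionally needs the server to accept the 40-bit export ciphers, so those are flagged separately. The sample ServerHello bytes and the "certificate" inside them are constructed for the offline demonstration, and the host names are placeholders.

```python
"""SSLv2 exposure check for DROWN (added example, not the paper's tooling)."""
import hashlib
import socket
import struct
import sys

# The seven cipher specs defined for SSLv2 (3 bytes each).
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
# 40-bit export ciphers: the general DROWN attack relies on the server accepting these.
EXPORT_CIPHERS = {b"\x02\x00\x80", b"\x04\x00\x80"}

MSG_CLIENT_HELLO = 1
MSG_SERVER_HELLO = 4


def sslv2_record(payload: bytes) -> bytes:
    """Wrap payload in a 2-byte SSLv2 record header (high bit set, 15-bit length)."""
    if len(payload) > 0x7FFF:
        raise ValueError("payload too long for a 2-byte SSLv2 header")
    return struct.pack("!H", 0x8000 | len(payload)) + payload


def build_client_hello(challenge: bytes = b"\x11" * 16) -> bytes:
    """SSLv2 ClientHello offering all seven cipher specs and no session id."""
    cipher_specs = b"".join(SSLV2_CIPHERS)
    body = struct.pack("!BHHHH", MSG_CLIENT_HELLO, 0x0002,  # version 2.0
                       len(cipher_specs), 0, len(challenge))
    return sslv2_record(body + cipher_specs + challenge)


def parse_server_hello(data: bytes) -> dict:
    """Parse an SSLv2 ServerHello; raise ValueError for anything else (e.g. a TLS alert)."""
    if len(data) < 2 or not (data[0] & 0x80):
        raise ValueError("not a 2-byte-header SSLv2 record")
    length = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + length]
    if len(body) < length or len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        raise ValueError("not a complete SSLv2 ServerHello")
    (_, _session_hit, _cert_type, version,
     cert_len, ciphers_len, conn_id_len) = struct.unpack("!BBBHHHH", body[:11])
    off = 11
    cert = body[off:off + cert_len]
    off += cert_len
    cipher_bytes = body[off:off + ciphers_len]
    off += ciphers_len
    conn_id = body[off:off + conn_id_len]
    if len(cert) != cert_len or len(cipher_bytes) != ciphers_len or len(conn_id) != conn_id_len:
        raise ValueError("truncated ServerHello")
    ciphers = [cipher_bytes[i:i + 3] for i in range(0, len(cipher_bytes), 3)]
    return {
        "version": version,
        "ciphers": [SSLV2_CIPHERS.get(c, c.hex()) for c in ciphers],
        "export_ciphers": [SSLV2_CIPHERS[c] for c in ciphers if c in EXPORT_CIPHERS],
        # Fingerprint of the DER certificate the SSLv2 service presents. A different
        # certificate can still carry the same RSA key, so compare public keys, not
        # certificates, when hunting for key sharing across services.
        "cert_sha256": hashlib.sha256(cert).hexdigest() if cert else None,
    }


def speaks_sslv2(response: bytes) -> bool:
    """True if the bytes a server sent back are an SSLv2 ServerHello."""
    try:
        parse_server_hello(response)
        return True
    except ValueError:
        return False


def check_sslv2(host: str, port: int = 443, timeout: float = 5.0):
    """Return the parsed ServerHello if host:port answers SSLv2, else None."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:
            data = s.recv(16384)
        except socket.timeout:
            return None
    return parse_server_hello(data) if speaks_sslv2(data) else None


def build_sample_server_hello() -> bytes:
    """Constructed ServerHello for offline use: fake 5-byte 'certificate', two ciphers."""
    cert = b"\x30\x03\x02\x01\x01"  # not a real certificate
    cipher_specs = b"\x01\x00\x80" + b"\x04\x00\x80"
    conn_id = b"\x00" * 16
    body = struct.pack("!BBBHHHH", MSG_SERVER_HELLO, 0, 1, 0x0002,
                       len(cert), len(cipher_specs), len(conn_id))
    return sslv2_record(body + cert + cipher_specs + conn_id)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample, then a live check if a host is given.
    print(parse_server_hello(build_sample_server_hello()))
    if len(sys.argv) > 1:
        print(check_sslv2(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run it against every port that terminates TLS with the same key (443, 25, 465, 587, 993, 995 and so on), not just the web front end: the paper's 33% figure comes largely from hosts whose HTTPS service refuses SSLv2 while a mail or other service using the same RSA key still accepts it. A TLS alert or a closed connection in response to the ClientHello means no SSLv2 support on that port.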

Ivan Ristic of Qualys said: "The attack is an extension of the 1998 Bleichenbacher attack that can be used to decrypt a ciphertext when a padding oracle exists. For more information, I suggest that you read the original DROWN research, which is very interesting indeed.

"However, the bottom line is that one out of every 1,000 full TLS handshakes can be decrypted, leading to the compromise of the entire TLS session (potentially many connections of data)."

In their paper, having outlined practical attack scenarios in detail, the researchers say "we argue that modern practices of cryptographic protocol design do not include a systematic analysis to prevent direct message side channel Bleichenbacher attacks."

This underlines that the issue is due to the ongoing use of old cryptography tools. "The continued use of obsolete cryptography tools needs to stop," said Craig Young, Security Researcher at Tripwire.

"Earlier this year we learned how the SLOTH attack could compromise privacy of TLS, VPN, and SSH services when the obsolete SHA-1 or MD5 hashing algorithms were used. Now we are seeing a practical attack capable of extracting private keys out of servers running the completely broken SSLv2 protocol."

"Our work serves as yet another reminder of the importance of removing deprecated technologies before they become exploitable vulnerabilities," said the researchers.

The DROWN researchers were from Tel Aviv University, Münster University of Applied Sciences, Ruhr University Bochum, the University of Pennsylvania, the Hashcat project, the University of Michigan, Two Sigma, Google, and the OpenSSL project.

Individuals involved in the project include Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt.
