DROWN (OpenSSL vulnerability) - CVE-2016-0800

Advisory ID: 16-0008
Publish Date: 2016-03-07
Revision: 1.0


On March 1, 2016, the OpenSSL Software Foundation published news about a vulnerability in OpenSSL that would put servers running SSLv2 at risk of man-in-the-middle (MITM) attacks (see External References section for more information).

The following CVE is associated with this vulnerability:

Detailed Description

According to NVD and CVE-2016-0800:

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

According to the official web site https://drownattack.com:

DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.

Affected Products

Mitel has launched an internal investigation. This advisory will be updated when more details are available.
Customers are advised to take action in the Mitigation/Recommendations section below.

Risk Assessment

NVD scoring for this vulnerability is pending as of this publication.

According to the official web site https://drownattack.com, a server is vulnerable to DROWN if:

It allows SSLv2 connections. This is surprisingly common, due to misconfiguration and inappropriate default settings. Our measurements show that 17% of HTTPS servers still allow SSLv2 connections.


Its private key is used on any other server that allows SSLv2 connections, even for another protocol. Many companies reuse the same certificate and key on their web and email servers, for instance. In this case, if the email server supports SSLv2 and the web server does not, an attacker can take advantage of the email server to break TLS connections to the web server. When taking key reuse into account, an additional 16% of HTTPS servers are vulnerable, putting 33% of HTTPS servers at risk.

The risk to products where SSLv2 has been permanently disabled, or SSLv2 has been disabled through configuration is lower than those where SSLv2 is enabled.

Mitigation / Recommended Action

SSLv2 is in an insecure protocol and should be disabled on all systems (not just Mitel products and services). The importance of doing so being greater for systems accessible from untrusted environments. Additional attention should be extended in the rare case that the private keys of Mitel products or servers are installed on other systems.

Customers are also advised to update products and services in their environment to the latest releases to address resolved security issues.

Mitel will continue to investigate and provide additional recommendations or solutions as might be warranted.

External References


Related CVEs / Advisories


Ready to talk to sales? Contact us.