PT-2016-1362 · OpenSSL
Nimrod Aviram
Published 2016-03-01 · Updated 2024-06-15
CVE-2016-0800
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions prior to 1.0.1s
OpenSSL versions prior to 1.0.2g
Description
The issue lies in the SSLv2 protocol, which requires the server to send a ServerVerify message before it has established that the client actually possesses certain plaintext RSA data. This gives remote attackers a Bleichenbacher-style RSA padding oracle that makes it easier to decrypt TLS ciphertext; the technique is known as the "DROWN" attack. An attacker who captures traffic or acts as a man-in-the-middle can use it to recover SSL session keys, decrypt the encrypted traffic, and obtain users' sensitive information. Separately, a side-channel attack was found that can lead to the recovery of RSA keys through cache-bank conflicts on the Intel Sandy Bridge microarchitecture.
Recommendations
For OpenSSL versions prior to 1.0.1s, update to version 1.0.1s or later to resolve the issue.
For OpenSSL versions prior to 1.0.2g, update to version 1.0.2g or later to resolve the issue.
As a temporary workaround, disable the SSLv2 protocol until a patch is available.
Restrict access to sensitive information and encrypted traffic to minimize the risk of exploitation.
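The two affected ranges above translate directly into a fleet triage check. The following script is an added example, not part of this advisory, and assumes that `openssl version` banners have already been collected from each host (the inventory below is a constructed sample). It parses the branch and letter-release suffix, compares it against the fixed releases named in the recommendations, and says which hosts still need the update.

```python
import re
import subprocess

# Fixed releases named in this advisory: anything older on the same branch is affected.
# Assumption: OpenSSL 1.0.x patch releases use a single lowercase letter, so the
# letters sort correctly as plain strings ("" < "r" < "s").
FIXED = {"1.0.1": "s", "1.0.2": "g"}

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web-02": "OpenSSL 1.0.2g  1 Mar 2016",
    "web-03": "OpenSSL 1.0.1s  1 Mar 2016",
    "lb-01": "OpenSSL 1.0.2f 28 Jan 2016",
    "dev-01": "OpenSSL 1.1.1k  25 Mar 2021",
}


def parse_openssl_version(banner):
    """Parse an `openssl version` banner such as 'OpenSSL 1.0.1e-fips 11 Feb 2013'
    into (branch, letter), e.g. ('1.0.1', 'e'). Returns None if unrecognised."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    return f"{major}.{minor}.{fix}", letter


def is_affected_by_cve_2016_0800(banner):
    """True when the banner is on a branch listed in the advisory and sorts
    before that branch's fixed letter release."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        raise ValueError(f"unrecognised OpenSSL version banner: {banner!r}")
    branch, letter = parsed
    if branch not in FIXED:
        # Branches outside the advisory's two ranges are not covered by this check.
        return False
    return letter < FIXED[branch]


def triage(inventory):
    """Map each host to a one-line verdict with the version to update to."""
    report = {}
    for host, banner in inventory.items():
        parsed = parse_openssl_version(banner)
        if parsed is None:
            report[host] = "unknown: could not parse banner"
            continue
        branch, _ = parsed
        if is_affected_by_cve_2016_0800(banner):
            report[host] = f"affected: update to {branch}{FIXED[branch]} or later"
        else:
            report[host] = "not affected by this advisory's ranges"
    return report


def local_openssl_banner():
    """Banner of the OpenSSL binary on the machine running this script."""
    return subprocess.run(["openssl", "version"], capture_output=True,
                          text=True, check=True).stdout.strip()


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Two caveats a practitioner should keep in mind: the check is a version triage only, so it does not tell you whether SSLv2 is actually enabled on a host, and several of the vendors listed under Affected Products backport fixes without changing the upstream version string, so a hit here is a prompt to consult the vendor's own advisory rather than a final verdict.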
Tags: Exploit · Fix · Information Disclosure
Affected Products
ALT Linux
CentOS
Cisco Nexus
Cisco WLS
FreeBSD
Huawei VRP
IBM AIX
OpenSSL
Red Hat
SUSE