Experts have warned that websites could be exposing themselves to an attack that can break and exploit HTTPS encryption protections in less than a minute.
Yep, that’s right. There’s another branded exploit out there, and this one is causing more concern than most. More than 33% of servers worldwide are vulnerable to an attack that can decrypt secure HTTPS protocol communications, such as credit card numbers and passwords, in less than a minute.
“DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption, allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key.”
The attack works against HTTPS by sending specially crafted packets to a server or, if the certificate is shared on another server, to that server instead, effectively performing a man-in-the-middle attack.
Unfortunately, there’s little to nothing that end users can do to protect themselves against the effects of a DROWN attack, as the issue is server-based in nature.
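Because the exposure comes from any SSLv2 server that uses the same private key, a server operator has to audit key reuse across services, not just the web server itself. The following is an added example, not part of the original article: it takes a constructed inventory (hypothetical service names and placeholder key fingerprints) and flags every service whose key is reachable through SSLv2, directly or through sharing.

```python
from collections import defaultdict

# Constructed sample inventory (not real hosts). Each entry is one listening
# service, a placeholder for the fingerprint of the public key it serves, and
# whether a scan found SSLv2 enabled on it.
INVENTORY = [
    {"service": "www.example.test:443",  "key_fp": "KEY-A", "sslv2": False},
    {"service": "mail.example.test:25",  "key_fp": "KEY-A", "sslv2": True},
    {"service": "shop.example.test:443", "key_fp": "KEY-B", "sslv2": False},
    {"service": "old.example.test:443",  "key_fp": "KEY-C", "sslv2": True},
]


def drown_exposure(inventory):
    """Return {service: reason} for every service whose private key is
    reachable through SSLv2, directly or via a key shared with another service."""
    by_key = defaultdict(list)
    for entry in inventory:
        by_key[entry["key_fp"]].append(entry)

    exposed = {}
    for entries in by_key.values():
        sslv2_services = sorted(e["service"] for e in entries if e["sslv2"])
        if not sslv2_services:
            continue  # no SSLv2 endpoint uses this key
        for e in entries:
            if e["sslv2"]:
                exposed[e["service"]] = "SSLv2 enabled on this service"
            else:
                # SSLv2 is off here, but the same key is served over SSLv2 elsewhere.
                exposed[e["service"]] = (
                    "shares key with SSLv2 service(s): " + ", ".join(sslv2_services)
                )
    return exposed


if __name__ == "__main__":
    for service, reason in sorted(drown_exposure(INVENTORY).items()):
        print(f"{service}: {reason}")
```

In this sample, the web server with SSLv2 disabled is still flagged because the mail server presents the same key over SSLv2; the fix is to disable SSLv2 everywhere that key is used.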