CPSEC-9: OpenSSL vulnerable to DROWN attack
October 19, 2018
Summary: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products and required a server to send a ServerVerify message before establishing the client possesses certain plaintext RSA data. This action makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a “DROWN” attack. Cradlepoint routers were not affected by this vulnerability (CVE-2016-0800).
Mitigation: Update firmware to version 6.1.0 or newer as part of the normal maintenance schedule.