Ask a Question

Alert ID : ALERT2002

URGENT SECURITY ACTION | SSL & TLS "DROWN" Vulnerability

URGENT

Description

is aware of the following SSLv2 DROWN vulnerability.

This vulnerability centers around the fact that attackers can force a web server to use an old, insecure version of SSL/TLS known as SSLv2. Although no longer used, SSLv2 is still supported by many web servers.

This is a vulnerability with the SSL protocol; existing SSL certificates are not affected and do not need to be replaced.


Recommended actions:

For more information about DROWN vulnerability, visit Symantec's official blog.

 

Disclaimer:
Terms of use for this information are found in Legal Notices