OpenSSL (IBB): Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)

ID H1:138179
Type hackerone
Reporter dadrian
Modified 2016-06-01T03:39:41


This is a retroactive submission of CVE-2016-0703, a.k.a. the "Extra Clear" bug, which can lead to the Special DROWN variant of the DROWN attack. After some discussion with the other DROWN authors, I'm submitting on behalf of myself (David Adrian) and J. Alex Halderman the vulnerability CVE-2016-0703, which was acknowledged by OpenSSL as Sev:High at