OpenSSL (IBB): Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

2016-09-07T17:34:32
ID H1:166629
Type hackerone
Reporter nimia
Modified 2016-09-21T17:50:33

Description

General DROWN was responsibly disclosed to the OpenSSL team prior to the public disclosure. This OpenSSL blog post, by Viktor Dukhovni and Emilia Käsper, describes the vulnerability: https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/

This is probably a good opportunity to again thank everyone who helped with the disclosure process :-)