OpenSSL (IBB): Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

ID H1:166629
Type hackerone
Reporter nimia
Modified 2016-09-21T17:50:33


General DROWN was responsibly disclosed to the OpenSSL team prior to the public disclosure. This OpenSSL blog post, by Viktor Dukhovni and Emilia Käsper, describes the vulnerability:

This is probably a good opportunity to again thank everyone who helped with the disclosure process :-)