Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
Unknown
Vulnerability Details
General DROWN was responsibly disclosed to the OpenSSL team prior to the public disclosure.
This OpenSSL blog post, by Viktor Dukhovni and Emilia Käsper, describes the vulnerability:
https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/
This is probably a good opportunity to again thank everyone who helped with the disclosure process :-)
Actions
View on HackerOneReport Stats
- Report ID: 166629
- State: Closed
- Substate: resolved
- Upvotes: 13