/ Database Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Mitigate the OpenSSL DROWN Attack (CVE-2016-0800)

DZone's Guide to

How to Mitigate the OpenSSL DROWN Attack (CVE-2016-0800)

Unless you’ve been living in a cave you’ll have heard of (or likely will hear about soon) the drown attack. This blog post will discuss how to Mitigate DROWN CVE-2016-0800.

by
·
Mar. 08, 16 · Database Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Built by the engineers behind Netezza and the technology behind Amazon Redshift, AnzoGraph is a native, Massively Parallel Processing (MPP) distributed Graph OLAP (GOLAP) database that executes queries more than 100x faster than other vendors.  

Mitigate DROWN CVE-2016-0800

This blog post will discuss how to Mitigate DROWN CVE-2016-0800.

Unless you’ve been living in a cave you’ll have heard of (or likely will hear about soon) the drown attack. From the Red Hat site:

"A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

Find out more about CVE-2016-0800 from the MITRE CVE dictionary and NIST NVD.”

The following graphic should help explain the vulnerability:

Mitigate DROWN CVE-2016-0800

In short, disable SSLv2 if you do not need it (similar to the way SSLv3 was disabled due to POODLE).

So, how about those services?

  • MySQL uses TLS1.0 for versions < 5.7.10
  • MySQL uses a configuration TLS version when using >= 5.7.10
  • MongoDB uses a configuration variable for the TLS for version when using >= 3.0.7

Please respond in the comments with any questions!

Download AnzoGraph now and find out for yourself why it is acknowledged as the most complete all-in-one data warehouse for BI style and graph analytics.  

Like This Article? Read More From DZone

A Brief History of TLS
Security vs. Time-to-Market: What's More Important?
Using HTTPS to Secure Your Websites: An Intro to Web Security

Free DZone Refcard

Working With Time Series Data
DOWNLOAD
Topics:
ssl ,tls ,vulnerability

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Database Partner Resources

Reduce graph database costs with a managed service
Trillion-triples Benchmarking Report: Game-changer AnzoGraph™ 100x faster than previous best.
Improve Database Performance by Migrating to RavenDB 4.0 [Webinar]
Beginners Guide to Redis
Download Free: New Compliant Database DevOps Whitepaper from Redgate
Why a NoSQL Database is the Best Solution for a Startup
Redis Enterprise as a Database for Microservices
How to Boost Your NoSQL Database Performance
Shift LEFT issue #4: Explores the new world of compliant Database DevOps and how to protect against data breaches without deployment bottlenecks
2019 State of Database DevOps Report: latest insights on DevOps adoption rates among SQL Server Professionals
Altoros NoSQL Performance Benchmark 2018: Compare Couchbase Server, MongoDB, and DataStax Enterprise
Moving From Relational to NoSQL: A Step-by-Step Guide for Your First NoSQL Project

Database Partner Resources

Reduce graph database costs with a managed service
Trillion-triples Benchmarking Report: Game-changer AnzoGraph™ 100x faster than previous best.
Improve Database Performance by Migrating to RavenDB 4.0 [Webinar]
Beginners Guide to Redis

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone