/ Database Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Mitigate the OpenSSL DROWN Attack (CVE-2016-0800)

DZone's Guide to

How to Mitigate the OpenSSL DROWN Attack (CVE-2016-0800)

Unless you’ve been living in a cave you’ll have heard of (or likely will hear about soon) the drown attack. This blog post will discuss how to Mitigate DROWN CVE-2016-0800.

by
·
Mar. 08, 16 · Database Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Built by the engineers behind Netezza and the technology behind Amazon Redshift, AnzoGraph is a native, Massively Parallel Processing (MPP) distributed Graph OLAP (GOLAP) database that executes queries more than 100x faster than other vendors.  

Mitigate DROWN CVE-2016-0800

This blog post will discuss how to Mitigate DROWN CVE-2016-0800.

Unless you’ve been living in a cave you’ll have heard of (or likely will hear about soon) the drown attack. From the Red Hat site:

"A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

Find out more about CVE-2016-0800 from the MITRE CVE dictionary and NIST NVD.”

The following graphic should help explain the vulnerability:

Mitigate DROWN CVE-2016-0800

In short, disable SSLv2 if you do not need it (similar to the way SSLv3 was disabled due to POODLE).

So, how about those services?

  • MySQL uses TLS1.0 for versions < 5.7.10
  • MySQL uses a configuration TLS version when using >= 5.7.10
  • MongoDB uses a configuration variable for the TLS for version when using >= 3.0.7

Please respond in the comments with any questions!

Download AnzoGraph now and find out for yourself why it is acknowledged as the most complete all-in-one data warehouse for BI style and graph analytics.  

Like This Article? Read More From DZone

A Brief History of TLS
Security vs. Time-to-Market: What's More Important?
Using HTTPS to Secure Your Websites: An Intro to Web Security

Free DZone Refcard

Temporal Data Processing
DOWNLOAD
Topics:
ssl ,tls ,vulnerability

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Database Partner Resources

How to Boost Your NoSQL Database Performance
Dependance upon proprietary databases has changed. Compare the enterprise features of MariaDB TX, Oracle, Microsoft and IBM.
AnzoGraph™ Hyperfast Graph OLAP Database providing analytics at Big Data scale.
Don’t let the database be a bottleneck: Solving Database Deployment Problems with Database DevOps
Shift LEFT issue #4: Explores the new world of compliant Database DevOps and how to protect against data breaches without deployment bottlenecks
Tips to deploy and configure a fully secured enterprise database for personal data protection.
Getting Started with Spark and Redis
As simple as SQL: Don Chamberlin shows how to analyze JSON data with SQL++
Beginners Guide to Redis
Moving From Relational to NoSQL: A Step-by-Step Guide for Your First NoSQL Project
Four Key Considerations for Evaluating Graph Warehouses
Improve Database Performance by Migrating to RavenDB 4.0 [Webinar]

Database Partner Resources

How to Boost Your NoSQL Database Performance
Dependance upon proprietary databases has changed. Compare the enterprise features of MariaDB TX, Oracle, Microsoft and IBM.
AnzoGraph™ Hyperfast Graph OLAP Database providing analytics at Big Data scale.
Don’t let the database be a bottleneck: Solving Database Deployment Problems with Database DevOps

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone