3 min
Nexpose
How to use Nexpose to find all assets affected by DROWN
Introduction
DROWN is a cross-protocol attack against OpenSSL. The attack uses export cipher
suites and SSLv2 to decrypt TLS sessions. SSLv2 was developed by Netscape and
released in February 1995. Due to it containing a number of security flaws, the
protocol was completely redesigned and SSLv3 was released in 1996. Even though
SSLv2 was declared obsolete over 20 years ago, there are still servers
supporting the protocol. What's both fascinating and devastating about the DROWN
attack, is that se