1. What does DROWN stand for?
2. How can I contact the DROWN research team?
3. Is there a CVE for DROWN?
4. How easy is it to carry out the attack? Is it practical?
5. What popular sites are affected?
6. Is the vulnerability currently being exploited by attackers?
7. SSLv2 has been known to be insecure for 20 years. What’s the big deal?
8. Does DROWN allow an attacker to steal the server’s private key?
9. Can DROWN also be used to perform MitM attacks?
10. Does Perfect Forward Secrecy (PFS) prevent DROWN?
11. Do I need to get a new certificate for my server?
12. I have a firewall that allows filtering of SSLv2 traffic. Should I filter that traffic?
13. My HTTPS server is certified PCI compliant, so I already know I have SSLv2 disabled. Do I still need to take action?
14. I have an old embedded device that doesn’t allow me to disable SSLv2, and I have to keep it running. What do I do?
15. SSLLabs says I have SSLv2 disabled. That means I’m safe, right?
16. Why does your tool say I support SSLv2, but nmap says I don't?
17. Are you planning to release the code for your implementation of the attack?
18. What factors contributed to DROWN?
19. Where else can I learn about DROWN?