OpenSSL DROWN Vulnerablity and Attachmate Products

  • 7021979
  • 02-Mar-2016
  • 02-Mar-2018

Environment

All Attachmate products

Situation

Current Attachmate products are not subject to the OpenSSL DROWN high-severity vulnerability (CVE-2016-0800).

OpenSSL released a security advisory on 1-Mar-2016 which includes a high-severity vulnerability known as DROWN (CVE-2016-0800). Traffic can be decrypted with a server supporting SSLv2 and EXPORT cipher suites, or if any server that shares the same RSA keys supports SSLv2 and EXPORT ciphers. This issue is avoided by disabling SSLv2 support on SSL/TLS servers.

Resolution

Attachmate Products Not Affected

As described in previous security vulnerability alerts, the latest releases of Attachmate products already have SSLv2 and/or export-grade ciphers disabled by default.

References

For additional information, see http://openssl.org/news/secadv/20160301.txt.

Status

Security Alert

Additional Information

Legacy KB ID

This article was originally published as Attachmate technical note 2858.