[www.kde.org] [Bug 368929] New: SSL certificate *.kde.org is vulnerable to DROWN attack

Thomas Bettler via KDE Bugzilla Fri, 16 Sep 2016 14:51:19 -0700

https://bugs.kde.org/show_bug.cgi?id=368929


            Bug ID: 368929
           Summary: SSL certificate *.kde.org is vulnerable to DROWN
                    attack
           Product: www.kde.org
           Version: unspecified
          Platform: unspecified
               URL: https://www.ssllabs.com/ssltest/analyze.html?d=kde.org
                    &s=91.189.93.5#drownTable
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: kde-...@kde.org
          Reporter: thomas.bett...@gmail.com

According to https://test.drownattack.com/?site=212.110.188.12
developer.kde.org provides mail services via SSLv2 using the same SSL
certificate as kde.org does.

These servers reusing the same RSA keys render the SSL encryption vulnerable to
the DROWN attack. https://drownattack.com/drown-attack-paper.pdf

Reproducible: Always


Actual Results:  
see
https://www.ssllabs.com/ssltest/analyze.html?d=kde.org&s=91.189.93.5#drownTable

Expected Results:  
no vulnerability

-- 
You are receiving this mail because:
You are watching all bug changes.

[www.kde.org] [Bug 368929] New: SSL certificate *.kde.org is vulnerable to DROWN attack

Reply via email to