Short notes - DROWN attack on servers with protocol SSLv2 – avm.de and myfritz.net not affected
DROWN attack on servers with protocol SSLv2 – avm.de and myfritz.net not affected
Media outlets have reported on a security leak concerning the outdated server protocol SSLv2. In test screenings of the encryption, avm.de came out as vulnerable.
Yet, avm.de and myfritz.net are not affected.
Neither is the currently implemented SSL/TLS in the FRITZ!Box.
SSLv2 was only used for an externally hosted server that was responsible for a rarely visited subdomain of avm.de until recently. This was fixed the same day the DROWN possibility was released. However, tests don't show this distinction and fall back on older data.