A new vulnerability could leave as many as one-third of HTTPS websites open to decryption, meaning that sensitive data including usernames, passwords and credit card numbers could be at risk.
The vulnerability has been dubbed DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) and affects servers using an SSLv2 certificate. The website for DROWN states that as many as 33% of sites could be affected, including 25% within the top one million domains.
One-third of HTTPS websites left vulnerable to DROWN attack
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.