New – SSL based DROWN attack !!!!!

The DROWN attack – it has already got a name, like recent high profile crypto attacks Lucky13, BEAST, and POODLE – is a “cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients”.

DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.


Check your website here


For more details please visit


Drown Attack