Exam 312-50v11 topic 1 question 139 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 139
Topic #: 1

Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?

  • A. Padding oracle attack
  • B. DROWN attack
  • C. DUHK attack
  • D. Side-channel attack
Suggested Answer: B

Comments

whysoserious1199
Highly Voted 2 years, 3 months ago
The DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack is a cross-protocol security bug that attacks servers supporting modern SSLv3/TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure.[1][2] DROWN can affect all types of servers that offer services encrypted with SSLv3/TLS yet still support SSLv2, provided they share the same public key credentials between the two protocols.[3] Additionally, if the same public key certificate is used on a different server that supports SSLv2, the TLS server is also vulnerable due to the SSLv2 server leaking key information that can be used against the TLS server. (src= https://en.wikipedia.org/wiki/DROWN_attack)
upvoted 21 times
...
illuded03jolted
Highly Voted 2 years, 3 months ago
DROWN attack allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key.
upvoted 8 times
...
juliosc
Most Recent 9 months, 1 week ago
The server is critically vulnerable to the DROWN attack if it permits SSLv2 connections, which is mostly caused by a misconfiguration or incorrect default settings.
upvoted 2 times
...
Daniel8660
1 year, 1 month ago
Selected Answer: B
Cryptanalysis - DROWN Attack: A DROWN attack is a cross-protocol weakness that can communicate and initiate an attack on servers that support recent SSLv3/TLS protocol suites. A DROWN attack makes the attacker decrypt the latest TLS connection between the victim client and server by launching malicious SSLv2 probes using the same private key. (P.3129/3113)
upvoted 4 times
...
ANDRESCB1988
2 years, 3 months ago
correct
upvoted 2 times
...
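The key-reuse condition from the question, as an added example that is not part of the original page or any commenter's post: an audit over a scan inventory that flags every endpoint whose RSA key is also served by an SSLv2-enabled endpoint, including TLS-only hosts. The inventory layout, host names, key labels and the function name `drown_exposure` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory: (endpoint, RSA key fingerprint, protocols offered).
# Fingerprints are placeholder labels, not real hashes.
INVENTORY = [
    ("www.example.test:443",  "key-A", {"TLSv1.2", "TLSv1.3"}),
    ("mail.example.test:465", "key-A", {"SSLv2", "TLSv1.0"}),
    ("shop.example.test:443", "key-B", {"SSLv2", "TLSv1.2"}),
    ("api.example.test:443",  "key-C", {"TLSv1.2"}),
]

def drown_exposure(inventory):
    """Map each exposed endpoint to (reason, SSLv2 endpoints using its key)."""
    # Group endpoints by the key they present, since exposure follows the key.
    by_key = defaultdict(list)
    for endpoint, key_fp, protocols in inventory:
        by_key[key_fp].append((endpoint, protocols))

    findings = {}
    for members in by_key.values():
        sslv2_hosts = sorted(ep for ep, protos in members if "SSLv2" in protos)
        if not sslv2_hosts:
            continue  # this key is never offered over SSLv2
        for endpoint, protos in members:
            # "direct": the endpoint itself accepts SSLv2.
            # "shared-key": TLS-only here, but the key is exposed elsewhere.
            reason = "direct" if "SSLv2" in protos else "shared-key"
            findings[endpoint] = (reason, sslv2_hosts)
    return findings

if __name__ == "__main__":
    for ep, (reason, via) in sorted(drown_exposure(INVENTORY).items()):
        print(f"{ep}: {reason} exposure, SSLv2 offered by {', '.join(via)}")
```

The fix list is the set of SSLv2-enabled endpoints in each finding: disabling SSLv2 there, or giving those services their own key, clears every endpoint that shares the key.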