[www.kde.org] [Bug 368929] New: SSL certificate *.kde.org is vulnerable to DROWN attack
Thomas Bettler via KDE Bugzilla
bugzilla_noreply at kde.org
Fri Sep 16 21:51:02 UTC 2016
https://bugs.kde.org/show_bug.cgi?id=368929
Bug ID: 368929
Summary: SSL certificate *.kde.org is vulnerable to DROWN attack
Product: www.kde.org
Version: unspecified
Platform: unspecified
URL: https://www.ssllabs.com/ssltest/analyze.html?d=kde.org&s=91.189.93.5#drownTable
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
Assignee: kde-www at kde.org
Reporter: thomas.bettler at gmail.com
According to https://test.drownattack.com/?site=212.110.188.12
developer.kde.org provides mail services via SSLv2 using the same SSL
certificate as kde.org does.
These servers reusing the same RSA keys render the SSL encryption vulnerable to
the DROWN attack. https://drownattack.com/drown-attack-paper.pdf
Reproducible: Always
Actual Results:
see
https://www.ssllabs.com/ssltest/analyze.html?d=kde.org&s=91.189.93.5#drownTable
Expected Results:
no vulnerability
--
You are receiving this mail because:
You are the assignee for the bug.
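
The key-reuse condition the report describes, as an added example that is not part of the original bug report: a TLS endpoint is exposed to DROWN if it accepts SSLv2 itself or if its RSA key is also served by any other endpoint that accepts SSLv2. The inventory format, field names, hostnames and fingerprints below are constructed assumptions standing in for real scan results.

```python
from collections import defaultdict

# Constructed sample inventory (not real scan output): one record per
# TLS-capable service, with a fingerprint of the certificate's public key
# and whether the service still accepts SSLv2 handshakes.
SERVICES = [
    {"host": "www.example.org", "port": 443, "key_sha256": "aa11", "sslv2": False},
    {"host": "mail.example.org", "port": 465, "key_sha256": "aa11", "sslv2": True},
    {"host": "mail.example.org", "port": 993, "key_sha256": "aa11", "sslv2": False},
    {"host": "git.example.org", "port": 443, "key_sha256": "bb22", "sslv2": False},
    {"host": "old.example.org", "port": 443, "key_sha256": "cc33", "sslv2": True},
]


def endpoint(service):
    return f'{service["host"]}:{service["port"]}'


def drown_exposure(services):
    """Map each endpoint to (status, SSLv2 endpoints that serve the same key).

    status is "direct" (endpoint accepts SSLv2), "shared-key" (endpoint is
    clean but its key is served by an SSLv2 endpoint) or "ok".
    """
    by_key = defaultdict(list)
    for service in services:
        by_key[service["key_sha256"]].append(service)

    report = {}
    for group in by_key.values():
        sslv2_peers = sorted(endpoint(s) for s in group if s["sslv2"])
        for service in group:
            if service["sslv2"]:
                status = "direct"
            elif sslv2_peers:
                status = "shared-key"
            else:
                status = "ok"
            report[endpoint(service)] = (status, sslv2_peers)
    return report


def sslv2_to_disable(report):
    """Endpoints where SSLv2 has to be turned off to clear every finding."""
    return sorted({peer for _, peers in report.values() for peer in peers})


if __name__ == "__main__":
    for name, (status, peers) in sorted(drown_exposure(SERVICES).items()):
        print(f"{name:24} {status:11} {', '.join(peers)}")
```

A "shared-key" finding clears only when SSLv2 is disabled on every endpoint serving that key, or the affected endpoint is moved to a key that no SSLv2 service uses.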