Swift Action Taken to Secure Servers After DROWN Vulnerability Disclosure
Following the disclosure of the DROWN vulnerability in OpenSSL on March 1st, swift action was taken to secure vulnerable servers. Internal scanning on March 2nd revealed three servers susceptible to DROWN, all of them part of a decommissioned partner-facing application.
Upon discovery, access to the affected services on these servers was immediately turned off. The IP addresses remained available, but no DNS names were associated with them, making it difficult to identify the partner companies involved. Queries received on March 3rd sought clarification on the servers' DROWN susceptibility.
Exploitation of DROWN can result in the decryption of SSL/TLS sessions, posing a significant security risk. To mitigate this, the certificate served on these machines is being reissued with a new private key.
The prompt response to the DROWN vulnerability has ensured that the vulnerable servers are no longer accessible, preventing potential data breaches. The reissuance of certificates with a new private key further strengthens security. However, the identities of the partner companies connected to the three vulnerable servers remain unknown.