Return
-
Title
Is Cloud Access Manager vulnerable to the SSLv2 DROWN attack? -
Description
There is a SSLv2 attack called DROWN that can affect HTTP servers supporting the SSLv2 protocol. -
Cause
OpenSSL.org has released this document discussing the vulnerability.
http://openssl.org/news/secadv/20160301.txt
-
Resolution
RESOLUTION:
SSL has not been enabled in Cloud Access Manager since 7.1.0 SSLv2 was never enabled for the front end. (CAM to Client Browser).
Cloud Access Manager is not vulnerable to a DROWN attack.