Return
-
Title
Is Defender vulnerable to DROWN attacks? -
Description
Is Defender susceptible to the DROWN vulnerability? -
Resolution
One Identity Defender is not susceptible to the DROWN vulnerability.
The Management Portal is by default using HTTP only; any further configuration regarding HTTPS would be done within IIS itself outside of Defender.
If LDAPS is configured, Defender will be communicating using the configuration of the target server and is outside of Defender.
-
Additional Information
This Microsoft TechNet article may offer further detail regarding configuration options available: How to Disable SSLv2 on a Windows Server 2008 and Windows Server 2008 R2 Domain Controller