Certified Ethical Hacker (CEH v11) — Question 189
Samuel, a security administrator, is assessing the configuration of a web server. He notices that the server permits SSLv2 connections and that the same certificate and private key are used on a different server that allows SSLv2 connections. This weakness exposes the web server to attack because the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?
Answer options
- A. Padding oracle attack
- B. DROWN attack
- C. DUHK attack
- D. Side-channel attack
Correct answer: B
Explanation
The DROWN attack specifically targets servers that support SSLv2 and exploits weaknesses in that protocol to decrypt secure communications. It applies to the scenario above because the web server shares its private key with another server that allows SSLv2, and that SSLv2 server can leak key information. The other options do not fit: the padding oracle attack and the DUHK attack do not directly relate to SSLv2 vulnerabilities, and a side-channel attack typically involves different methods of information leakage unrelated to SSL protocols.