Certified Ethical Hacker (CEH v12) — Question 50
Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This weakness exposes the web server to attacks, as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?
Answer options
- A. Padding oracle attack
- B. DROWN attack
- C. DUHK attack
- D. Side-channel attack
Correct answer: B
Explanation
The DROWN attack specifically targets servers that support SSLv2, including, as in this scenario, servers whose private key is also used on another SSLv2-enabled server. It allows attackers to decrypt secure connections by exploiting weaknesses in the SSLv2 protocol. The other options listed (padding oracle attack, DUHK attack, and side-channel attack) do not directly exploit the vulnerabilities associated with SSLv2, making them incorrect in this context.