Certified Ethical Hacker (CEH v13) — Question 289

Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?

Answer options

• A. Padding oracle attack
• B. DROWN attack
• C. DUHK attack
• D. Side-channel attack

Correct answer: B

Explanation

The DROWN attack specifically targets servers that allow SSLv2 connections, exploiting the weaknesses in this outdated protocol to decrypt secure connections. Other options, like the Padding oracle and DUHK attacks, do not directly relate to the vulnerabilities associated with SSLv2. The Side-channel attack is a broader category of attacks that doesn't specifically address the SSLv2 issue.