Forum Discussion

stonehorse's avatar
stonehorse
Advisor
5 years ago
Solved

SSLv2-Drown Vulnerability

I did a network scan earlier today and the result was telling me the Actiontec T3200M modem/router is at high risk for SSLv2-Drown. The recommendation was to update the firmware. Logging into the rou...
  • Nighthawk's avatar
    Nighthawk
    5 years ago

    The Drown vulnerability has nothing to do with your router. It has to do with the encryption over the internet between your PC or device and a target server outside your network. The vulnerability comes from the target server you connect to that is utilizing the older SSLv2 encryption. Telus doesn't allow users to remotely log in to their gateways remotely so there isn't a risk of this exploit being used there. If you have a server hosted somewhere, then you'd definitely want to ensure the configuration has SSLv2 disabled. 

stonehorse's avatar
stonehorse
Advisor
5 years ago

Got it. So Telus doesn't feel this particular vulnerability is an high risk issue? 

Nighthawk's avatar
Nighthawk
Icon for Community Power User rankCommunity Power User
5 years ago

The Drown vulnerability has nothing to do with your router. It has to do with the encryption over the internet between your PC or device and a target server outside your network. The vulnerability comes from the target server you connect to that is utilizing the older SSLv2 encryption. Telus doesn't allow users to remotely log in to their gateways remotely so there isn't a risk of this exploit being used there. If you have a server hosted somewhere, then you'd definitely want to ensure the configuration has SSLv2 disabled. 

  • stonehorse's avatar
    stonehorse
    Advisor
    5 years ago

    Thank you for the detailed reply, much appreciated. ðŸ˜Š

Related Content