
DROWN - What you need to know

DROWN is a serious vulnerability that affects HTTPS and other services that rely on the retired protocol SSLv2. You will be pleased to know that this fault in no way affects Easysite CMS, as SSLv2 is disabled on the Easysite hosting infrastructure.

DROWN (Decrypting RSA using Obsolete and Weakened eNcryption) is a serious vulnerability that affects HTTPS and other services that rely on SSL (Secure Socket Layer) and TLS. SSL is used to secure information entered from your computer (for example, your username and password when logging onto Gmail or your online banking). You will know if a website is using SSL, as a little padlock symbol appears in the corner of your web browser.

This vulnerability is exploitable:

  • Directly: on servers which have SSLv2 enabled.
  • Indirectly: on secure TLS servers which share the same certificate (private keys) with insecure servers which have SSLv2 enabled.
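The two cases above can be checked against an inventory of your own endpoints. The following is an added example, not Easysite code: it assumes a scanner has already recorded, per endpoint, whether SSLv2 is accepted and a fingerprint of the server's public key. The hostnames, fingerprints and the function name `classify_drown_exposure` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (not real hosts). "key_fp" stands for a
# fingerprint of the server's RSA public key, e.g. a SHA-256 of the
# certificate's SubjectPublicKeyInfo, as collected by a scanner.
INVENTORY = [
    {"endpoint": "www.example.test:443",  "key_fp": "aa11", "sslv2": False},
    {"endpoint": "mail.example.test:25",  "key_fp": "aa11", "sslv2": True},
    {"endpoint": "shop.example.test:443", "key_fp": "bb22", "sslv2": False},
    {"endpoint": "old.example.test:443",  "key_fp": "cc33", "sslv2": True},
    {"endpoint": "api.example.test:443",  "key_fp": "AA11", "sslv2": False},
]


def classify_drown_exposure(inventory):
    """Return {endpoint: (status, related_endpoints)}.

    status is "direct" (SSLv2 enabled on the endpoint itself),
    "indirect" (SSLv2 disabled here, but the same key is served by an
    SSLv2-enabled endpoint) or "not exposed".
    """
    # Map each key to the endpoints that offer SSLv2 with it.
    # Fingerprints are lower-cased so hex casing does not hide a match.
    sslv2_by_key = defaultdict(list)
    for rec in inventory:
        if rec["sslv2"]:
            sslv2_by_key[rec["key_fp"].lower()].append(rec["endpoint"])

    result = {}
    for rec in inventory:
        key = rec["key_fp"].lower()
        if rec["sslv2"]:
            result[rec["endpoint"]] = ("direct", [rec["endpoint"]])
        elif sslv2_by_key.get(key):
            result[rec["endpoint"]] = ("indirect", sorted(sslv2_by_key[key]))
        else:
            result[rec["endpoint"]] = ("not exposed", [])
    return result


if __name__ == "__main__":
    for endpoint, (status, via) in classify_drown_exposure(INVENTORY).items():
        note = f" (key shared with {', '.join(via)})" if status == "indirect" else ""
        print(f"{endpoint:24} {status}{note}")
```

An endpoint reported as indirect is remediated by disabling SSLv2 on every server that holds the same key, not by changing the TLS-only server itself.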


You will be pleased to know that this fault in no way affects Easysite CMS, as the Easysite hosting infrastructure utilises IIS7 or above. SSLv2 has been superseded and is disabled in these versions of IIS.

So you can be reassured that your web sites running on Easysite CMS have never been affected by this fault.

While you don’t have to worry about DROWN, we do recommend you make regular use of the Easysite automatic password expiration facility to ensure that your users are prompted to change their passwords on a regular basis, and that they are using the password strength facility.

It is also very important that you remain confident in SSL and ensure that you have appropriately secured your site(s) – if you have further questions about SSL, digital certificates or hosting please speak to us.
