Network traffic encrypted using an RSA-based SSL
certificate may be decrypted if enough SSLv2 handshake data can be
collected. Exploitation of this vulnerability - referred to as DROWN in
public reporting - may allow a remote attacker to obtain the private key
of a server supporting SSLv2. CERT-GH encourages users and administrators to review the attached advisory for additional information and mitigation details.
Find attached advisory
Cheers,
WISDOM DONKOR (S/N Eng.)
ICANN Fellow / ISOC Member, IGF Member, Diplo Foundation OGP Working Group Member, Africa OD Working Group Member
E-government / Open Government Data Specialist
National Information Technology Agency (NITA)
Ghana Open Data Initiative (GODI)
Post Office Box CT. 2439, Cantonments, Accra, Ghana