DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS. It is a cross-protocol attack on TLS using SSLv2. DROWN allows attackers to break the encryption and read or steal any communication between users and the server. This typically includes, but is not limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents.
For more details, download our advisory: