'The DROWN' Attack vulnerability - WeOnlyDo Discussion board

'The DROWN' Attack vulnerability (wodSSH / wodSSH.NET)

by g_phanikiran, Friday, March 11, 2016, 12:59 (619 days ago)

Is wodSSH.NET, WeOnlyDo.Client.FTP affected by the Drown Attack vulnerability? I am using v2.6 and 1.7 versions respectively.
If affected, is there a hotfix or a patch available to overcome this vulnerability?

'The DROWN' Attack vulnerability

by Jasmine, Friday, March 11, 2016, 13:06 (619 days ago) @ g_phanikiran

Hi.

Since DROWN is related to SSL/TLS, wodSSH.NET is not vulnerable (different protocol).

As for wodFtpDLX.NET, it depends on the server if it has enabled SSLv2 or not. You can enforce use of TLS through SecureMethod property

SslProtocols

so from client's perspective you don't even give ability for SSLv2 to be used.

I hope this helps!
Jasmine