ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v12 All Questions

View all questions & answers for the 312-50v12 exam
Go to Exam

Exam 312-50v12 topic 1 question 51 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 51
Topic #: 1
[All 312-50v12 Questions]

Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?

  • A. Padding oracle attack
  • B. DROWN attack
  • C. DUHK attack
  • D. Side-channel attack
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by eli117 at April 4, 2023, 5:52 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Vincent_Lu
Highly Voted 1 year, 1 month ago
B. DROWN attack ------------------------------- A. Padding oracle attack: Exploiting padding to decrypt data. B. DROWN attack: Decrypting SSL/TLS communications through SSLv2 vulnerability. C. DUHK attack: Exploiting weak random number generators to compromise encryption. D. Side-channel attack: Extracting sensitive data through unintended channels, such as power consumption, electromagnetic radiation, or timing variations, to infer sensitive data or cryptographic keys.
upvoted 17 times
...
eli117
Highly Voted 1 year, 3 months ago
Selected Answer: B
B. DROWN attack Explanation: The scenario describes a vulnerability where the web server permits SSLv2 connections and the same private key certificate is used on a different server that also allows SSLv2 connections. This is a security weakness because SSLv2 is a deprecated and insecure protocol that is susceptible to attacks. One attack that can be performed by exploiting this vulnerability is the DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack. This attack allows an attacker to decrypt intercepted SSL traffic by exploiting a vulnerability in the SSLv2 protocol. In the DROWN attack, the attacker first sends specially crafted packets to the SSLv2 server to obtain data encrypted with the server's private key. The attacker can then use this data to decrypt intercepted SSL traffic that was encrypted with the same private key.
upvoted 10 times
...
insaniunt
Most Recent 7 months, 1 week ago
Selected Answer: B
B. DROWN attack
upvoted 1 times
...
jeremy13
1 year, 2 months ago
Selected Answer: B
B. DROWN attack
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel