Skip to main content
IAM Strategy Report CIAM Buyer's Guide Contact Us
Janrain respects your privacy and will treat the personal data you choose to share with us in accordance with our privacy policy.
 

DROWN Attack: What you need to know

By Lisa Nicholson | Posted on March 21, 2016

Blog Banner

At Janrain, we make keeping our customers’ data secure and private a top priority, which includes sharing updates around industry vulnerabilities even if they are not directly tied to a Janrain account.

Recently, an international group of researchers unveiled a SSL vulnerability referred to as DROWN. At Janrain, we reviewed our architecture and we do not support any outdated versions of SSL; therefore, Janrain is not vulnerable to DROWN.

In the interest of sharing what we have learned, if any of your systems accepts SSLv2 (even if not actively used for data transfer), those systems may be vulnerable to the DROWN exploit. In this case, you should follow up with your vendors and internal security/risk team to ensure your data is protected from this potential exploit.

For more information about DROWN and to check if systems at your company may be at risk, please visit https://drownattack.com/.
As always, if you ever have questions around how attacks may affect your Janrain account, please visit the Janrain Trust site.

Popular Posts

About the author

Lisa Nicholson

Director of Information Security

Lisa Nicholson is Janrain's Director of Information Security responsible for cyber security as well as governance, risk, and compliance (GRC). She joined the leading Customer Identity and Access Management company in 2014 leveraging her database, network, quality assurance, testing, project management and security experience to return to the information security fold. Most recently, she worked as a QA manager, SQL developer and SQL DBA for various Portland, OR startups.

View all posts by Lisa Nicholson