DROWN Attack: What you need to know

At Janrain, we make keeping our customers’ data secure and private a top priority, which includes sharing updates around industry vulnerabilities even if they are not directly tied to a Janrain account.

Recently, an international group of researchers unveiled a SSL vulnerability referred to as DROWN. At Janrain, we reviewed our architecture and we do not support any outdated versions of SSL; therefore, Janrain is not vulnerable to DROWN.

In the interest of sharing what we have learned, if any of your systems accepts SSLv2 (even if not actively used for data transfer), those systems may be vulnerable to the DROWN exploit. In this case, you should follow up with your vendors and internal security/risk team to ensure your data is protected from this potential exploit.

For more information about DROWN and to check if systems at your company may be at risk, please visit https://drownattack.com/.
As always, if you ever have questions around how attacks may affect your Janrain account, please visit the Janrain Trust site.