Article - CS230981
Is Windchill vulnerable to the DROWN SSL (CVE-2016-0800 ) vulnerability ?
Modified: 06-May-2016
Applies To
- Windchill PDMLink 9.1 to 11.0
- FlexPLM 9.1 to 10.2
Description
- Is Windchill vulnerable to the DROWN SSL vulnerability (CVE-2016-0800 ) ?
- DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a vulnerability in the SSLv2 protocol
- It allows brute force methods to determine the servers Encryption keys
- Once the keys are obtained any encrypted traffic to or from the server can be decrypted.
- For additional information see:
- https://drownattack.com/
- https://www.openssl.org/news/secadv/20160301.txt
This is a printer-friendly version of Article 230981 and may be out of date. For the latest version click CS230981