Researchers have uncovered an attack that can compromise encrypted network traffic in a matter of hours. The DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack successfully decrypts TLS (transport layer security) sessions by exploiting a vulnerability in the older SSL v2 protocol that exposes private RSA keys. Administrators are urged to update vulnerable versions of OpenSSL as soon as possible. The attack is made worse by two additional implementation vulnerabilities in the project team to address the issues.”]
Source: https://www.csoonline.com/article/3040052/openssl-update-fixes-drown-vulnerability.html