See: vz22043.plusserver.de is vulnerable to DROWN. This is the reverse DNS address for telekom-partnerwelt.de,
which, as scanned, is not reported as vulnerable. Could there be a danger that this works through? Anyone?
I think it is, as the port is directly vulnerable here: https://test.drownattack.com/?site=85.25.96.38
polonus (volunteer website security analyst and website error-hunter)
P.S. Some issues to tackle: https://test.drownattack.com/?site=plusserver.de
Why may the DROWN threat be that dangerous, as we have seen in the above example?
Whenever the vulnerable server and possibly even a completely different server share the same certificate (and so the accompanying private key) for whatever protocol (HTTPS, SMTPS, POP3S, IMAPS etc.) still supporting SSLv2, the MitM attacker could also hack/crack that primary connection, even on a connection that is safe according to an SSL Labs scan. :o
Info credits go to Erik van Straten.
That could make this attack such a lively dangerous one.
polonus
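The shared-key point made above can be checked over a scan inventory. The following is an added example, not part of the original posts: it groups endpoints by public-key fingerprint and flags those that do not speak SSLv2 themselves but share a key with an endpoint that does. The hostnames, the `spki` labels and the record layout are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory (not real scan data): one record per TLS endpoint.
# "spki" is a placeholder for the certificate's public-key fingerprint;
# "sslv2" records whether that endpoint still accepts SSLv2 handshakes.
SCAN = [
    {"host": "www.example.test",  "port": 443, "proto": "https", "spki": "KEY-A", "sslv2": False},
    {"host": "mail.example.test", "port": 465, "proto": "smtps", "spki": "KEY-A", "sslv2": True},
    {"host": "mail.example.test", "port": 995, "proto": "pop3s", "spki": "KEY-A", "sslv2": False},
    {"host": "shop.example.test", "port": 443, "proto": "https", "spki": "KEY-B", "sslv2": False},
    {"host": "old.example.test",  "port": 443, "proto": "https", "spki": "KEY-C", "sslv2": True},
]

def endpoint(rec):
    return f'{rec["host"]}:{rec["port"]}'

def drown_exposure(records):
    """Map each endpoint to (status, [SSLv2 endpoints sharing its key])."""
    by_key = defaultdict(list)
    for rec in records:
        by_key[rec["spki"]].append(rec)

    report = {}
    for group in by_key.values():
        # Any SSLv2 endpoint holding this key exposes every other holder.
        sslv2_peers = sorted(endpoint(r) for r in group if r["sslv2"])
        for rec in group:
            if rec["sslv2"]:
                report[endpoint(rec)] = ("direct", [])
            elif sslv2_peers:
                report[endpoint(rec)] = ("via-shared-key", sslv2_peers)
            else:
                report[endpoint(rec)] = ("not-exposed", [])
    return report

def sslv2_to_disable(records):
    """Endpoints where SSLv2 must be switched off to clear the exposure."""
    return sorted(endpoint(r) for r in records if r["sslv2"])

if __name__ == "__main__":
    for ep, (status, peers) in sorted(drown_exposure(SCAN).items()):
        print(f"{ep:24} {status:15} {', '.join(peers)}")
    print("disable SSLv2 on:", ", ".join(sslv2_to_disable(SCAN)))
```

An endpoint reported as `via-shared-key` would pass a per-host SSLv2 check on its own, which is why the inventory has to be keyed on the certificate's key rather than on the hostname.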