How is Blackbaud NetCommunity impacted by the DROWN vulnerability?

In March 2016, the DROWN vulnerability was discovered. DROWN stands for Decrypting RSA with Obsolete and Weakened Encryption and affects HTTPS and other services that utilize SSL and SSLv2. 
 
The DROWN vulnerability is a cross-protocol security bug that attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure. DROWN can affect all types of servers that offer services encrypted with TLS yet still support SSLv2, provided they share the same public key credentials between the two protocols.

Disabling SSLv2 on the system that supports it is sufficient to prevent the DROWN attack. 

If you are hosted by Blackbaud:

SSLv2 is disabled on all hosted servers. We have disabled this protocol where it was present in our environment and continue our standard processes of reviewing our configurations for all exceptions or deviations to our preferred configurations.

If your organization hosts Blackbaud NetCommunity and/or The Raiser's Edge Web Services Server (or REWS):

System administrators should work directly with their security team and internal resources to address the DROWN vulnerability and to disable SSLv2 on the Blackbaud NetCommunity web server and/or REWS.
Note: Throughout this article, we have provided links to third-party websites. We provide links to third-party websites in an effort to help you resolve your issue. We are not responsible for the information on third-party websites, and we cannot assist in implementing the solutions on these websites.

Environment

 Blackbaud NetCommunity

Was this article helpful?


Thanks for your feedback! Did this solve your issue?

Comments (optional):


Thanks for your feedback!
We're glad it was helpful but sorry it didn’t solve your issue. If you need assistance, click Chat with Support below.
We’re sorry to hear that. Please tell us why.

 I don't like how this works.

 The answer is confusing.

 The answer didn't match what I was searching for.

Additional Comments (optional):


Thanks for your feedback! If you need assistance, click Chat with Support below.
Thanks for your feedback. Help us make our products even better by sharing details in our Idea Banks or our online Community.
Thanks for letting us know. We'll work on clarifying the information in the article. If you need assistance, click Chat with Support below.
Thanks for letting us know. We'll work on updating the search engine to return more relevant results.