In technical terms, DROWN is a new form of cross-protocol Bleichenbacher padding oracle attack (http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5). It allows an attacker to decrypt intercepted TLS connections by making specially crafted connections to an SSLv2 server that uses the same private key.
What is vulnerable?
Any server product that provides SSLv2, or is potentially hosted under SSLv2, is potentially vulnerable.
IDM is not vulnerable to the DROWN attack because:
- The native components utilizing OpenSSL already disabled SSLv2 (and SSLv3) as part of the POODLE fix.
- Java apps using JSSE are not vulnerable, as SSLv2 is not implemented.
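
Because exposure depends on whether a listener still answers SSLv2, the following added example (not part of the original page or of any product's code) builds an SSLv2 CLIENT-HELLO and classifies the reply, so that the claim "SSLv2 is disabled" can be checked on a listener. The function names, the cipher table and the sample record are assumptions made for this illustration.

```python
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) offered in the probe's CLIENT-HELLO.
SSLV2_CIPHERS = {
    0x010080: "RC4_128_WITH_MD5", 0x020080: "RC4_128_EXPORT40_WITH_MD5",
    0x030080: "RC2_128_CBC_WITH_MD5", 0x040080: "RC2_128_CBC_EXPORT40_WITH_MD5",
    0x060040: "DES_64_CBC_WITH_MD5", 0x0700C0: "DES_192_EDE3_CBC_WITH_MD5",
}

def build_client_hello(challenge=b"\x00" * 16):
    """SSLv2 CLIENT-HELLO: type 1, version 0x0002, no session id."""
    specs = b"".join(c.to_bytes(3, "big") for c in SSLV2_CIPHERS)
    body = struct.pack(">BHHHH", 1, 2, len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body  # 2-byte record header

def parse_server_reply(data):
    """Return (accepts_sslv2, cipher_names) for the first record in data."""
    if len(data) < 2 or not data[0] & 0x80:
        return False, []  # e.g. a TLS alert (0x15...) or an empty reply
    length = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + length]
    if len(body) < 11 or body[0] != 4:  # 4 = SERVER-HELLO, 0 = ERROR
        return False, []
    version, cert_len, spec_len, _conn_len = struct.unpack(">HHHH", body[3:11])
    if version != 0x0002:
        return False, []
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    kinds = [int.from_bytes(specs[i:i + 3], "big") for i in range(0, len(specs) - 2, 3)]
    return True, [SSLV2_CIPHERS.get(k, f"0x{k:06x}") for k in kinds]

def server_accepts_sslv2(host, port=443, timeout=5.0):
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            while True:  # read until one whole SSLv2 record has arrived
                chunk = s.recv(4096)
                data += chunk
                need = 2 + (((data[0] & 0x7F) << 8) | data[1]) if len(data) >= 2 else 2
                if not chunk or not data[0] & 0x80 or len(data) >= need:
                    break
    except OSError:
        pass  # refused, reset or timed out: no SSLv2 SERVER-HELLO received
    return parse_server_reply(data)

if __name__ == "__main__":
    # Constructed SERVER-HELLO (dummy 4-byte "certificate"), not captured traffic.
    body = struct.pack(">BBBHHHH", 4, 0, 1, 2, 4, 6, 16) + b"CERT" + bytes.fromhex("0100800700c0") + bytes(16)
    print(parse_server_reply(struct.pack(">H", 0x8000 | len(body)) + body))
```

A `False` result from `server_accepts_sslv2` also covers an unreachable port, so confirm the listener is up before treating it as evidence that SSLv2 is disabled.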