A DROWN attack (Decrypting RSA with Obsolete and Weakened eNcryption) is a security vulnerability that affects servers using the outdated SSLv2 protocol. This attack allows hackers to decrypt secure communications by exploiting weaknesses in the SSLv2 implementation, even if the server primarily uses a more secure protocol like TLS. By sending specially crafted messages to the server, attackers can leverage the SSLv2 support to obtain sensitive information, such as passwords or session cookies. To mitigate the risk of a DROWN attack, it is recommended that servers disable SSLv2 and ensure they are using up-to-date encryption protocols.