Name |
Drop Encryption Level |
|
Likelyhood of attack |
Typical severity |
High |
High |
|
Summary |
An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data. |
Prerequisites |
|
Solutions | |
Related Weaknesses |
CWE ID
|
Description
|
CWE-757 |
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
|
Related CAPECS |
CAPEC ID
|
Description
|
CAPEC-212 |
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data. |
|