| Name |
Drop Encryption Level |
|
| Likelyhood of attack |
Typical severity |
| High |
High |
|
| Summary |
An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data. |
| Prerequisites |
|
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-757 |
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-212 |
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data. |
|