Downgrade attack
Downgrade attack
A downgrade attack, also known as a bidding-down attack, is a form of cryptographic attack where an attacker forces a communication protocol to abandon a high-quality mode of operation and fall back to a lower-quality, less secure mode. This type of attack exploits the backward compatibility features of many protocols, which are designed to support older, less secure versions for interoperability purposes.
Mechanism[edit | edit source]
In a typical downgrade attack, the attacker intercepts the communication between two parties and manipulates the protocol negotiation process. By doing so, the attacker can trick the parties into using a weaker encryption algorithm or an older version of the protocol that is more vulnerable to attacks. This allows the attacker to more easily decrypt, modify, or eavesdrop on the communication.
Examples[edit | edit source]
One of the most well-known examples of a downgrade attack is the POODLE attack (Padding Oracle On Downgraded Legacy Encryption), which targets the SSL 3.0 protocol. Despite being largely replaced by TLS, many systems still support SSL 3.0 for backward compatibility. The POODLE attack exploits this by forcing a connection to downgrade from TLS to SSL 3.0, which is vulnerable to certain types of attacks.
Another example is the Logjam attack, which targets the Diffie-Hellman key exchange protocol. In this attack, the attacker forces the use of weaker 512-bit keys, making it feasible to break the encryption and intercept the communication.
Prevention[edit | edit source]
To prevent downgrade attacks, it is essential to:
- Disable support for outdated and insecure protocol versions.
- Use strong, up-to-date encryption algorithms.
- Implement Strict Transport Security (HSTS) to ensure that connections are always made using secure protocols.
- Regularly update software and systems to patch known vulnerabilities.
Related Pages[edit | edit source]
- Cryptographic attack
- Man-in-the-middle attack
- POODLE attack
- Logjam attack
- SSL 3.0
- TLS
- Diffie-Hellman key exchange
- Strict Transport Security
 | This cryptography-related article is a stub. You can help WikiMD by expanding it. |
Search WikiMD
Ad.Tired of being Overweight? Try W8MD's physician weight loss program.
Semaglutide (Ozempic / Wegovy and Tirzepatide (Mounjaro / Zepbound) available.
Advertise on WikiMD
|
WikiMD's Wellness Encyclopedia |
| Let Food Be Thy Medicine Medicine Thy Food - Hippocrates |
Translate this page: - East Asian
中文,
日本,
한국어,
South Asian
हिन्दी,
தமிழ்,
తెలుగు,
Urdu,
ಕನ್ನಡ,
Southeast Asian
Indonesian,
Vietnamese,
Thai,
မြန်မာဘာသာ,
বাংলা
European
español,
Deutsch,
français,
Greek,
português do Brasil,
polski,
română,
русский,
Nederlands,
norsk,
svenska,
suomi,
Italian
Middle Eastern & African
عربى,
Turkish,
Persian,
Hebrew,
Afrikaans,
isiZulu,
Kiswahili,
Other
Bulgarian,
Hungarian,
Czech,
Swedish,
മലയാളം,
मराठी,
ਪੰਜਾਬੀ,
ગુજરાતી,
Portuguese,
Ukrainian
Medical Disclaimer: WikiMD is not a substitute for professional medical advice. The information on WikiMD is provided as an information resource only, may be incorrect, outdated or misleading, and is not to be used or relied on for any diagnostic or treatment purposes. Please consult your health care provider before making any healthcare decisions or for guidance about a specific medical condition. WikiMD expressly disclaims responsibility, and shall have no liability, for any damages, loss, injury, or liability whatsoever suffered as a result of your reliance on the information contained in this site. By visiting this site you agree to the foregoing terms and conditions, which may from time to time be changed or supplemented by WikiMD. If you do not agree to the foregoing terms and conditions, you should not enter or use this site. See full disclaimer.
Credits:Most images are courtesy of Wikimedia commons, and templates Wikipedia, licensed under CC BY SA or similar.
Contributors: Prab R. Tumpati, MD
