Downgrade attack
Downgrade attack
A downgrade attack, also known as a bidding-down attack, is a form of cryptographic attack where an attacker forces a communication protocol to abandon a high-quality mode of operation and fall back to a lower-quality, less secure mode. This type of attack exploits the backward compatibility features of many protocols, which are designed to support older, less secure versions for interoperability purposes.
Mechanism[edit | edit source]
In a typical downgrade attack, the attacker intercepts the communication between two parties and manipulates the protocol negotiation process. By doing so, the attacker can trick the parties into using a weaker encryption algorithm or an older version of the protocol that is more vulnerable to attacks. This allows the attacker to more easily decrypt, modify, or eavesdrop on the communication.
Examples[edit | edit source]
One of the most well-known examples of a downgrade attack is the POODLE attack (Padding Oracle On Downgraded Legacy Encryption), which targets the SSL 3.0 protocol. Despite being largely replaced by TLS, many systems still support SSL 3.0 for backward compatibility. The POODLE attack exploits this by forcing a connection to downgrade from TLS to SSL 3.0, which is vulnerable to certain types of attacks.
Another example is the Logjam attack, which targets the Diffie-Hellman key exchange protocol. In this attack, the attacker forces the use of weaker 512-bit keys, making it feasible to break the encryption and intercept the communication.
Prevention[edit | edit source]
To prevent downgrade attacks, it is essential to:
- Disable support for outdated and insecure protocol versions.
- Use strong, up-to-date encryption algorithms.
- Implement Strict Transport Security (HSTS) to ensure that connections are always made using secure protocols.
- Regularly update software and systems to patch known vulnerabilities.
Related Pages[edit | edit source]
- Cryptographic attack
- Man-in-the-middle attack
- POODLE attack
- Logjam attack
- SSL 3.0
- TLS
- Diffie-Hellman key exchange
- Strict Transport Security
 | This cryptography-related article is a stub. You can help WikiMD by expanding it. |
Search WikiMD
Ad.Tired of being Overweight? Try W8MD's physician weight loss program.
Semaglutide (Ozempic / Wegovy and Tirzepatide (Mounjaro / Zepbound) available.
Advertise on WikiMD
|
WikiMD's Wellness Encyclopedia |
| Let Food Be Thy Medicine Medicine Thy Food - Hippocrates |
Translate this page: - East Asian
中文,
日本,
한국어,
South Asian
हिन्दी,
தமிழ்,
తెలుగు,
Urdu,
ಕನ್ನಡ,
Southeast Asian
Indonesian,
Vietnamese,
Thai,
မြန်မာဘာသာ,
বাংলা
European
español,
Deutsch,
français,
Greek,
português do Brasil,
polski,
română,
русский,
Nederlands,
norsk,
svenska,
suomi,
Italian
Middle Eastern & African
عربى,
Turkish,
Persian,
Hebrew,
Afrikaans,
isiZulu,
Kiswahili,
Other
Bulgarian,
Hungarian,
Czech,
Swedish,
മലയാളം,
मराठी,
ਪੰਜਾਬੀ,
ગુજરાતી,
Portuguese,
Ukrainian
WikiMD is not a substitute for professional medical advice. See full disclaimer.
Credits:Most images are courtesy of Wikimedia commons, and templates Wikipedia, licensed under CC BY SA or similar.
Contributors: Prab R. Tumpati, MD
