CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
What is Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')?
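• Overview: This weakness occurs when a protocol lets the communicating parties negotiate which algorithm protects the session (for encryption or authentication) and the implementation does not select the strongest algorithm available to both. The session ends up protected by a weaker algorithm, making it easier for attackers to exploit the system.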
• Exploitation Methods:
- Attackers can manipulate the negotiation process to downgrade the algorithm to a less secure option.
- Common attack patterns include man-in-the-middle attacks that intercept and alter negotiation messages.
• Security Impact:
- Direct consequences include unauthorized access to sensitive data and potential data breaches.
- Potential cascading effects involve broader network compromise if the weaker algorithm is exploited.
- Business impact can include loss of customer trust, legal ramifications, and financial losses.
• Prevention Guidelines:
- Specific code-level fixes include enforcing the use of strong, current algorithms and protocols by default.
- Security best practices involve regularly updating algorithms and avoiding backward compatibility that compromises security.
- Recommended tools and practices include using security libraries that enforce strong encryption standards and performing regular security audits.
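The code-level fix above, shown as an added example (not code from this page or any vendor): a selection routine that lets the peer's list decide the outcome, beside one that walks a local allowlist and fails closed. The function names, algorithm labels, their order and the sample offers are assumptions constructed for illustration.

```python
# Added example with hypothetical names and constructed inputs.
# Local policy: the only algorithms this endpoint will agree to, most
# preferred first. The order is an illustrative policy choice.
LOCAL_PREFERENCE = ["chacha20-poly1305", "aes256-gcm", "aes128-gcm"]
# Legacy algorithms the code base still implements for old peers.
LEGACY = ["3des-cbc", "rc4"]


class NegotiationError(Exception):
    """No mutually supported algorithm meets local policy."""


def select_peer_first(peer_offer, supported):
    """Weak pattern: accept the first peer-listed algorithm we implement.

    The peer's list decides the outcome, so whoever can rewrite that list
    in transit controls which algorithm is selected.
    """
    for alg in peer_offer:
        if alg in supported:
            return alg
    raise NegotiationError("no common algorithm")


def select_strongest(peer_offer, allowed=LOCAL_PREFERENCE):
    """Hardened pattern: walk the local list in order and fail closed."""
    offered = set(peer_offer)
    for alg in allowed:
        if alg in offered:
            return alg
    # Refuse the session instead of falling back to a legacy algorithm.
    raise NegotiationError("peer offered nothing that meets local policy")


if __name__ == "__main__":
    # Constructed offer: a weak algorithm has been moved to the front.
    reordered = ["rc4", "aes128-gcm", "aes256-gcm"]
    print(select_peer_first(reordered, LOCAL_PREFERENCE + LEGACY))  # rc4
    print(select_strongest(reordered))  # aes256-gcm
    # Constructed offer: every strong algorithm has been stripped out.
    try:
        select_strongest(["rc4", "3des-cbc"])
    except NegotiationError as exc:
        print("refused:", exc)
```

Local selection only limits how far a downgrade can go; the negotiation messages themselves also need integrity protection so that a modified offer is detected before the session is used.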
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not specified
Affected Technologies: Not specified