Downgrade attack

A downgrade attack, also called a bidding-down attack,^[1] or version rollback attack, is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an older, lower-quality mode of operation (e.g. cleartext) that is typically provided for backward compatibility with older systems.^[2] An example of such a flaw was found in OpenSSL that allowed the attacker to negotiate the use of a lower version of TLS between the client and server.^[3] This is one of the most common types of downgrade attacks. Opportunistic encryption protocols such as STARTTLS are generally vulnerable to downgrade attacks, as they, by design, fall back to unencrypted communication. Websites which rely on redirects from unencrypted HTTP to encrypted HTTPS can also be vulnerable to downgrade attacks (e.g., sslstrip), as the initial redirect is not protected by encryption.^[4]

^ "Security Implications of 5G Networks" (PDF). U C Berkeley Center for Long-Term Cybersecurity. Retrieved 24 November 2021.
^ "Version rollback attack".
^ Praetorian (19 August 2014). "Man-in-the-Middle TLS Protocol Downgrade Attack". Praetorian. Retrieved 13 April 2016.
^ Mutton, Paul (17 March 2016). "95% of HTTPS servers vulnerable to trivial MITM attacks | Netcraft". www.netcraft.com. Retrieved 11 December 2023.

[1] "Security Implications of 5G Networks" (PDF). U C Berkeley Center for Long-Term Cybersecurity. Retrieved 24 November 2021.

[2] "Version rollback attack".

[3] Praetorian (19 August 2014). "Man-in-the-Middle TLS Protocol Downgrade Attack". Praetorian. Retrieved 13 April 2016.

[4] Mutton, Paul (17 March 2016). "95% of HTTPS servers vulnerable to trivial MITM attacks | Netcraft". www.netcraft.com. Retrieved 11 December 2023.

[1]

[2]

[3]

[4]