Prerequisites
The client and/or server must utilize a protocol that has a weakness allowing manipulation of the interaction.
Resources Required
The adversary must be able to identify the weakness in the utilized protocol and exploit it. This may require a sniffing tool as well as packet creation abilities. The adversary will be aided if they can force the client and/or server to utilize a specific protocol known to contain exploitable weaknesses.
Related Weaknesses
CWE-ID |
Weakness Name |
|
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. |
Submission
Name |
Organization |
Date |
Date release |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
|
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2022-02-22 +00:00 |
Updated Description, Extended_Description |