A security analyst reviews network traffic logs and observes a client and server initially trying to negotiate a connection using TLS 1.3. After several failed attempts, the connection is successfully established using the older, vulnerable SSL 3.0 protocol. This allows an attacker to intercept and decrypt the traffic. Which of the following cryptographic attacks has MOST likely occurred?
A downgrade attack is an attack where an adversary forces a system to abandon a higher-quality mode of operation (like using TLS 1.3) in favor of an older, less secure mode (like SSL 3.0). The scenario describes this process exactly. A replay attack involves capturing and re-transmitting valid data, not changing the protocol. A buffer overflow is a memory-based attack that overwrites a buffer's boundaries. Phishing is a social engineering attack that tricks users into revealing information and does not involve protocol negotiation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does a downgrade attack work in practice?
Open an interactive chat with Bash
What is the difference between a downgrade attack and a replay attack?
Open an interactive chat with Bash
What security best practices can prevent downgrade attacks?