During a security assessment, an attacker positioned between a web browser and an e-commerce server manipulates the TLS handshake so that both parties abandon TLS 1.3 and settle on TLS 1.0, which is vulnerable to known exploits such as POODLE. Which type of cryptographic attack is being executed?
By intercepting the negotiation and forcing the client and server to use an older, weaker protocol version, the adversary is performing a downgrade attack. Side-channel attacks exploit physical signals, birthday attacks seek hash collisions, and replay attacks resend previously captured messages to gain access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a downgrade attack?
Open an interactive chat with Bash
How does a downgrade attack differ from a replay attack?
Open an interactive chat with Bash
How can systems be protected against downgrade attacks?