CVEbaza.plSłownik CWECWE-757
Common Weakness Enumeration

CWE-757

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Kategoria: BaseCVE: 25
Opis

Protokół lub jego implementacja umożliwia interakcję między wieloma stronami i pozwala im negocjować, który algorytm powinien być używany jako mechanizm ochrony, taki jak szyfrowanie lub uwierzytelnianie, ale nie wybiera najsilniejszego dostępnego algorytmu dla obu stron. W wyniku tego możliwe jest wymuszenie użycia słabszego algorytmu, co obniża poziom bezpieczeństwa komunikacji.

Description (EN)

A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.

Podatności CVE z CWE-757 (25)
9.1
CVSS
CRITICAL
CVE-2025-24154

Podatność typu out-of-bounds write w systemach Apple iOS, iPadOS oraz macOS umożliwia atakującemu zdalnie wywołanie nieoczekiwanego zakończenia systemu lub uszkodzenie pamięci jądra (kernel memory). Wysoki wynik CVSS 9.1 oraz brak wymagań dotyczących uwierzytelnienia czynią ją szczególnie niebezpieczną.

pub. 2025-01-27
9.1
CVSS
CRITICAL
CVE-2024-4995

Wapro ERP Desktop jest podatny na wymuszony downgrade protokołu MS SQL przez serwer, co skutkuje przesyłaniem danych w formie niezaszyfrowanej. Umożliwia to przechwycenie i modyfikację wrażliwych danych biznesowych przez atakującego.

pub. 2024-12-18
9.1
CVSS
CRITICAL
CVE-2024-38883

Podatność w oprogramowaniu Horizon Business Services Inc. Caterease umożliwia zdalnemu atakującemu przeprowadzenie ataku typu Drop Encryption Level, polegającego na wymuszeniu negocjacji słabszego algorytmu kryptograficznego. Zagrożenie jest krytyczne, ponieważ nie wymaga uwierzytelnienia ani interakcji użytkownika, a może prowadzić do ujawnienia i modyfikacji przesyłanych danych.

pub. 2024-08-02
9.1
CVSS
CRITICAL
CVE-2019-14887

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.

pub. 2020-03-16
8.3
CVSS
HIGH
CVE-2024-8773

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch 6.30@a03.9, which make it possible for an administrator to enforce encrypted communication. Versions 6.20 and 6.25 remain unpatched.

pub. 2025-03-24
8.1
CVSS
HIGH
CVE-2018-25029

The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.

pub. 2022-02-04
7.7
CVSS
HIGH
CVE-2017-9269

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.

pub. 2018-03-01
7.6
CVSS
HIGH
CVE-2025-10693

When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1.

pub. 2025-10-31
7.5
CVSS
HIGH
CVE-2026-32650

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.

pub. 2026-04-17
7.5
CVSS
HIGH
CVE-2024-23656

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.

pub. 2024-01-25
7.3
CVSS
HIGH
CVE-2022-23000

The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.

pub. 2022-07-25
6.9
CVSS
MEDIUM
CVE-2019-16791

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.

pub. 2020-01-22
6.5
CVSS
MEDIUM
CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.

pub. 2026-03-13
6.5
CVSS
MEDIUM
CVE-2024-20069

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.

pub. 2024-06-03
6.5
CVSS
MEDIUM
CVE-2023-2974

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

pub. 2023-07-04
6.5
CVSS
MEDIUM
CVE-2021-36326

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format.

pub. 2021-11-30
6.5
CVSS
MEDIUM
CVE-2020-16200

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

pub. 2020-09-18
6.5
CVSS
MEDIUM
CVE-2017-9267

In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.

pub. 2018-03-02
5.7
CVSS
MEDIUM
CVE-2026-6550

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decrypted to multiple different plaintexts. To remediate this issue, users should upgrade to version 3.3.1, 4.0.5 or above.

pub. 2026-04-20
5.4
CVSS
MEDIUM
CVE-2020-10135

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

pub. 2020-05-19
Pokazano 20 z 25 podatności
Informacje
ID: CWE-757
Typ: Base
Podatności: 25
MITRE CWE ↗
← Słownik CWE