VYPR

CWE-757

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Abstraction: Base · Status: Incomplete

Description

A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.

When a security mechanism can be forced to downgrade to a less secure algorithm, this makes it easier for attackers to compromise the product by exploiting the weaker algorithm. The victim might not be aware that the less secure algorithm is being used. For example, if an attacker can force a communications channel to use cleartext instead of strongly-encrypted data, then the attacker could read the channel by sniffing, instead of going through the extra effort of trying to decrypt the data using brute-force techniques.
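The weakness described above comes down to how the negotiation step chooses among the algorithms both sides support. The following is an added example, not code from this page or from any of the products listed below: it places a downgrade-prone selector (one that honours the peer's preference order, so whoever controls or tampers with the offer decides the outcome) beside a hardened selector that picks the strongest mutually supported algorithm, fails closed below a policy floor, and exposes a check an operator can use to detect that a weaker-than-available choice was made. The cipher names, the strength ranking and the server's list are constructed for illustration.

```python
"""Algorithm negotiation: a CWE-757 selector beside a hardened one.

Added example; not code from the page or from any project it lists.
Cipher names, strength values and the server list are constructed.
"""
from typing import Optional, Sequence

# Constructed ranking: a higher number means a stronger algorithm.
# "NULL" stands for cleartext (no protection at all).
STRENGTH = {
    "NULL": 0,
    "RC4-128": 1,
    "3DES-168": 2,
    "AES128-GCM": 3,
    "AES256-GCM": 4,
    "CHACHA20-POLY1305": 4,
}

# Constructed server list, ordered by the server's own preference.
SERVER_SUPPORTED = [
    "AES256-GCM", "CHACHA20-POLY1305", "AES128-GCM",
    "3DES-168", "RC4-128", "NULL",
]


def negotiate_naive(client_offer: Sequence[str],
                    server_supported: Sequence[str]) -> Optional[str]:
    """CWE-757 pattern: return the first offered algorithm we also support.

    The peer's ordering decides the outcome, so an offer that lists a weak
    or NULL algorithm first is accepted even though both sides support
    something stronger. Nothing records that a downgrade happened.
    """
    for alg in client_offer:
        if alg in server_supported:
            return alg
    return None


def negotiate_strongest(client_offer: Sequence[str],
                        server_supported: Sequence[str],
                        minimum_strength: int = 3) -> Optional[str]:
    """Hardened selector: strongest mutually supported algorithm, or nothing.

    - intersects the two lists, ranking by STRENGTH rather than offer order;
    - breaks ties in the server's own preference order (max() returns the
      first maximal element, and candidates follow server_supported);
    - refuses to complete the handshake below a policy floor instead of
      silently accepting a weak or cleartext option.
    """
    offered = set(client_offer)
    candidates = [a for a in server_supported if a in offered]
    if not candidates:
        return None
    best = max(candidates, key=lambda a: STRENGTH.get(a, -1))
    if STRENGTH.get(best, -1) < minimum_strength:
        return None  # fail closed rather than downgrade
    return best


def was_downgraded(chosen: Optional[str],
                   client_offer: Sequence[str],
                   server_supported: Sequence[str]) -> bool:
    """Audit check: True if a stronger algorithm was available to both sides.

    Useful for logging or alerting after the fact, since the victim of a
    downgrade typically cannot tell from the session itself.
    """
    if chosen is None:
        return False
    chosen_strength = STRENGTH.get(chosen, -1)
    offered = set(client_offer)
    return any(STRENGTH.get(a, -1) > chosen_strength
               for a in server_supported if a in offered)


if __name__ == "__main__":
    # Constructed offer in which a weak option has been placed first.
    tampered_offer = ["NULL", "RC4-128", "AES256-GCM"]
    naive = negotiate_naive(tampered_offer, SERVER_SUPPORTED)
    hardened = negotiate_strongest(tampered_offer, SERVER_SUPPORTED)
    print("naive selector chose:", naive,
          "downgraded:", was_downgraded(naive, tampered_offer, SERVER_SUPPORTED))
    print("hardened selector chose:", hardened,
          "downgraded:", was_downgraded(hardened, tampered_offer, SERVER_SUPPORTED))
```

The policy floor in `negotiate_strongest` is the part that matters operationally: selecting the strongest common algorithm is not enough if the only common algorithms are weak, so the hardened version refuses the handshake rather than proceeding, and `was_downgraded` gives a defender a concrete signal to log when a session ends up weaker than it could have been.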

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-220 · CAPEC-606 · CAPEC-620

CVEs mapped to this weakness (12)

  • CVE-2024-4995 · Critical · Dec 18, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0.

  • CVE-2025-24154 · Critical · Jan 27, 2025
    risk 0.59 · cvss 9.1 · epss 0.01

    An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, visionOS 2.3. An attacker may be able to cause unexpected system termination or corrupt kernel…

  • CVE-2024-8773 · High · Mar 24, 2025
    risk 0.54 · cvss n/a · epss 0.00

    SIMPLE.ERP client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch…

  • CVE-2017-9269 · High · Mar 1, 2018
    risk 0.50 · cvss 7.7 · epss 0.02

    In libzypp before August 2018, GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.

  • CVE-2026-32650 · High · Apr 17, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.

  • CVE-2025-10693 · High · Oct 31, 2025
    risk 0.49 · cvss n/a · epss 0.00

    When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1.

  • CVE-2017-9267 · Medium · Mar 2, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    In Novell eDirectory before 9.0.3.1, the LDAP interface was not strictly enforcing cipher restrictions, allowing weaker ciphers to be used during SSL BIND operations.

  • CVE-2026-2673 · Medium · Mar 13, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more…

  • CVE-2026-6550 · Medium · Apr 20, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in…

  • CVE-2026-1677 · Medium · May 11, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via `mbedtls_ssl_conf_min_tls_version`). The ClientHello…

  • CVE-2026-54780 · Low · Jun 19, 2026
    risk 0.00 · cvss n/a · epss n/a

    Impact: CoreWCF's WS-Security 1.0 receive pipeline validates the `SignatureMethod` of an incoming `ds:SignedInfo` against the configured `SecurityAlgorithmSuite`, but does not validate the `DigestMethod` declared on each `ds:Reference`. As a result, a sender can populate…

  • CVE-2019-16791 · Jan 22, 2020
    risk 0.00 · cvss n/a · epss 0.01

    In postfix-mta-sts-resolver before 0.5.1, all users can receive an incorrect response from the daemon under rare conditions, resulting in a downgrade of the effective STS policy.