CWE-757 - Selection of Less-Secure Algorithm During Negotiat

Description

A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. When a security mechanism can be forced to downgrade to use a less secure algorithm, this can make it easier for attackers to compromise the software by exploiting weaker algorithm. The victim might not be aware that the less secure algorithm is being used. The weakness is introduced during Architecture and Design stage.

Latest vulnerabilities for CWE-757

Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps 2024-01-30
High Yes

Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA) 2022-10-25
High Yes

Multiple vulnerabilities in Western Digital My Cloud OS 5 2022-07-26
Medium Yes

Multiple vulnerabilities in Apple iOS and iPadOS 2021-05-25
High Yes

Algorithm Downgrade in Philips Clinical Collaboration Platform 2020-09-21
Low No

Multiple vulnerabilities in Mozilla Firefox and Firefox ESR 2020-01-07
High Yes

References

Description of CWE-757 on Mitre website