CWE-757 - Selection of Less-Secure Algorithm During Negotiat


A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. When a security mechanism can be forced to downgrade to use a less secure algorithm, this can make it easier for attackers to compromise the software by exploiting weaker algorithm. The victim might not be aware that the less secure algorithm is being used. The weakness is introduced during Architecture and Design stage.

Latest vulnerabilities for CWE-757


Description of CWE-757 on Mitre website