Downgrade attack
Lua error in package.lua at line 80: module 'strict' not found. A downgrade attack is a form of attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an old, lower-quality mode of operation (e.g. clear text) that is there for backward compatibility with older systems. This is a flaw found in OpenSSL and it allows the attacker to negotiate to a lower version of TLS between the client and server.[1] This is one of the most common types of downgrade attacks.
Downgrade attacks are often implemented as part of a man-in-the-middle attack, and may be used as a way of enabling a cryptographic attack that might not be possible otherwise. Downgrade attacks have been a consistent problem with the SSL/TLS family of protocols; examples of such attacks include the POODLE attack.
Removing backward compatibility is often the only way to prevent downgrade attacks.
References
<templatestyles src="Reflist/styles.css" />
Cite error: Invalid <references> tag; parameter "group" is allowed only.
<references />, or <references group="..." /><templatestyles src="Asbox/styles.css"></templatestyles>
 |
This computer security article is a stub. You can help Wikipedia by expanding it. |
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
