CAPEC-620 Drop Encryption Level

CAPEC ID: 620

CAPEC-620 Metadata

Likelihood of Attack

High

Typical Severity

High

Overview

Summary

An attacker forces the encryption level to be lowered, thus enabling a successful attack against the encrypted data.

Prerequisites

No prerequisites listed.

Potential Solutions / Mitigations

No specific solutions listed.

Related Weaknesses (CWE)

CWE ID Description
CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Related CAPECs

CAPEC ID Description
CAPEC-212 An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.

Taxonomy Mappings

Taxonomy: ATTACK

Entry ID Entry Name
1600 Weaken Encryption
