A downgrade attack is an attack in which the attacker tries to force two hosts on a network (for example, a client such as a browser and a website server) to use an insecure or weakly protected data transmission protocol (such as HTTP instead of HTTPS, or SSL instead of TLS). It is a type of man-in-the-middle attack. If a downgrade attack is successful, the attacker can exploit connection vulnerabilities to intercept and read transmitted data.
How downgrade attacks are possible
When migrating to newer, more secure versions of network protocols, web resources often continue to support older versions in the name of backward compatibility. If both the server and the client connecting to it support a vulnerable version of the network protocol, cybercriminals can launch a downgrade attack.
Classification of downgrade attacks
There are many varieties of downgrade attacks. They can be classified by the following properties:
- Element — what the attackers are attempting to downgrade: the version of the protocol itself, the encryption algorithm it uses, etc.
- Vulnerability — what makes an attack possible. This could be, for example, superfluous support for outdated versions of a network protocol.
- Attack method. To downgrade the security level of a connection, attackers can, for example, modify a request to establish a secure connection, reset it so that the client or server tries to establish a less secure connection, or send one of the hosts a fake message seemingly from the other.
- Damage. A downgrade attack can result in the security of a connection being weakened or completely compromised.
Protection against downgrade attacks
The main protection methods against downgrade attacks include the following:
- Pulling support for outdated versions of network protocols and encryption algorithms.
- Implementing strict security policies that prohibit vulnerable connections. For example, mail servers by default communicate over an insecure channel, but may use an add-on that encrypts the connection. In addition, administrators of a mail server can prevent it from establishing a connection if the traffic cannot be encrypted.
Note that a network node that does not support insecure connections will be unavailable to nodes that, for some reason, do not support current versions of network protocols. For example, if your company’s security policies prohibit the use of HTTP to connect to sites, users will be unable to access sites that do not support encrypted connections from the corporate network.
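The strict-policy approach described above for mail, shown as an added example that is not part of the original entry: the client refuses to fall back to plaintext when the encryption extension is missing from the server's capability reply, and sets a floor on the TLS version it will negotiate. It assumes the "add-on" is the SMTP STARTTLS extension; the sample replies, host name and function names are constructed for illustration.

```python
import ssl


class DowngradeRefused(Exception):
    """Policy forbids continuing without encryption."""


def parse_ehlo_extensions(reply: str) -> set:
    """Return the extension keywords advertised in a multi-line EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    extensions = set()
    for line in lines[1:]:  # the first line is the server greeting
        words = line[4:].split()
        if line[:3] != "250" or line[3:4] not in ("-", " ") or not words:
            raise ValueError(f"unexpected EHLO line: {line!r}")
        extensions.add(words[0].upper())
    return extensions


def choose_transport(reply: str, require_tls: bool) -> str:
    """Decide how to continue the session given the advertised extensions."""
    if "STARTTLS" in parse_ehlo_extensions(reply):
        return "starttls"
    if require_tls:
        # A missing STARTTLS line may mean it was stripped in transit.
        raise DowngradeRefused("STARTTLS not offered; refusing plaintext")
    return "plaintext"  # opportunistic mode silently accepts the downgrade


def strict_tls_context() -> ssl.SSLContext:
    """TLS settings for the upgraded session: no protocol older than TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


# Constructed sample replies; mail.example.test is a placeholder host.
HONEST_REPLY = "250-mail.example.test\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
STRIPPED_REPLY = "250-mail.example.test\r\n250-PIPELINING\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for name, reply in (("honest", HONEST_REPLY), ("stripped", STRIPPED_REPLY)):
        for require_tls in (False, True):
            try:
                result = choose_transport(reply, require_tls)
            except DowngradeRefused as exc:
                result = f"refused ({exc})"
            print(f"{name:8} require_tls={require_tls}: {result}")
```

With `require_tls=False` the stripped reply leads to a plaintext session with no error, which is the behaviour the strict policy removes.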