CWE-757 (Selection of Less-Secure Algorithm During Negotiation, "Algorithm Downgrade") — Vulnerability Class 20

20 vulnerabilities are classified as CWE-757 (Selection of Less-Secure Algorithm During Negotiation, "Algorithm Downgrade"). An AI-generated Chinese analysis is included for each entry.

CWE-757 is a protocol design or configuration weakness: two parties negotiate which algorithm protects a session (cipher, MAC, key-agreement group, protocol version or security class), and the implementation does not end up with the strongest option both sides support. The usual exploit is an active attacker on the path who rewrites the offer, stripping the strong options so the peers settle on something weak such as RC4, MD5 or cleartext, and then reads or forges the traffic; the victim typically has no indication that a weaker mechanism is in use. The CVEs listed below show the same pattern well beyond cipher suites: TLS 1.2 accepted on a socket meant to be TLS 1.3 only, a server-side protocol setting that a client can override, a Z-Wave device joining a network in non-secure mode, and an MTA-STS policy that can be downgraded. The fix is policy enforced in code rather than deference to the peer's preference list: set a minimum protocol version, restrict offered and accepted algorithms to an explicit allowlist, apply the server's ordering rather than the client's, fail the handshake closed when no acceptable option remains, and verify the negotiated parameters after the handshake instead of assuming the configuration held.

MITRE CWE Description

A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. When a security mechanism can be forced to downgrade to use a less secure algorithm, this can make it easier for attackers to compromise the product by exploiting the weaker algorithm. The victim might not be aware that the less secure algorithm is being used. For example, if an attacker can force a communications channel to use cleartext instead of strongly-encrypted data, then the attacker could read the channel by sniffing, instead of going through the extra effort of trying to decrypt the data using brute force techniques.

Common Consequences (1)

Scope: Access Control. Impact: Bypass Protection Mechanism.
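The following Python is an added example written for this page; it is not code from the CWE entry or from any product in the table below. It models the negotiation described above: a first-match selector that honours the client's order (the CWE-757 pattern), a simulated on-path attacker that strips the strong options from the offer, and a hardened selector that picks the strongest mutual algorithm and fails closed below a policy floor. The algorithm names and the STRENGTH ranking are constructed for the demo; the last two functions apply the same policy to the standard-library ssl module so the check can be run against a real context.

```python
"""Added example for CWE-757: toy negotiation plus a real ssl.SSLContext
policy. Names and strength ranks are constructed for the demo."""
import ssl

# Constructed strength ranking (higher is stronger). A real policy comes from
# an organisation's crypto standard, not from a table like this.
STRENGTH = {
    "NULL": 0,
    "RC4-MD5": 1,
    "3DES-SHA": 2,
    "AES128-GCM-SHA256": 3,
    "AES256-GCM-SHA384": 4,
    "CHACHA20-POLY1305-SHA256": 4,
}


def negotiate_vulnerable(client_offer, server_supported):
    """CWE-757 pattern: walk the client's offer in the client's order and take
    the first algorithm the server also supports. Whoever controls the offer
    controls the outcome, so an on-path attacker can steer it downward."""
    for alg in client_offer:
        if alg in server_supported:
            return alg
    return None


def negotiate_hardened(client_offer, server_supported, min_strength=3):
    """Select the strongest algorithm both sides support, then enforce a policy
    floor so a stripped offer fails closed instead of silently downgrading."""
    common = [a for a in client_offer if a in server_supported and a in STRENGTH]
    if not common:
        raise ValueError("no mutually supported algorithm")
    best = max(common, key=lambda a: STRENGTH[a])
    if STRENGTH[best] < min_strength:
        raise ValueError(f"negotiated {best} is below the policy floor")
    return best


def strip_offer(offer, max_strength=1):
    """Simulated on-path attacker: remove every option stronger than
    max_strength from the client's offer before it reaches the server."""
    return [a for a in offer if STRENGTH.get(a, 0) <= max_strength]


def make_server_context():
    """Real-world counterpart using the stdlib: a minimum protocol version and
    an explicit cipher allowlist, so the peer's preference cannot lower either."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # AEAD suites with ephemeral key exchange only; weak families explicitly denied.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!3DES")
    return ctx


def context_has_weak_cipher(ctx):
    """Post-configuration check: assert the enabled cipher list really excludes
    the weak families rather than trusting the cipher string was honoured."""
    names = [c["name"] for c in ctx.get_ciphers()]
    weak = ("RC4", "MD5", "NULL", "DES-CBC3", "3DES")
    return any(w in n for n in names for w in weak)


if __name__ == "__main__":
    both = set(STRENGTH) - {"NULL"}
    honest = ["AES256-GCM-SHA384", "AES128-GCM-SHA256", "RC4-MD5"]
    tampered = strip_offer(honest)
    print("vulnerable, honest offer :", negotiate_vulnerable(honest, both))
    print("vulnerable, stripped     :", negotiate_vulnerable(tampered, both))
    print("hardened, honest offer   :", negotiate_hardened(honest, both))
    try:
        negotiate_hardened(tampered, both)
    except ValueError as exc:
        print("hardened, stripped       : rejected,", exc)
    ctx = make_server_context()
    print("stdlib context weak cipher present:", context_has_weak_cipher(ctx))
```

The hardened selector ignores the client's ordering entirely and ranks by the server's policy table, which is the same idea as enabling server cipher preference in a TLS stack; the post-configuration check mirrors the advice to verify negotiated or enabled parameters instead of assuming the setting took effect.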
CVE ID | Title | Product | CVSS | Severity | Published
--- | --- | --- | --- | --- | ---
CVE-2026-1677 | net: TLS 1.2 connections allowed on TLS 1.3 sockets | Zephyr | 5.3 | Medium | 2026-05-11
CVE-2026-6550 | Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python | AWS Encryption SDK for Python | 4.7 | Medium | 2026-04-20
CVE-2026-32650 | Anviz CrossChex Standard Algorithm Downgrade | Anviz CrossChex Standard | 7.5 | High | 2026-04-17
CVE-2026-2673 | OpenSSL TLS 1.3 server may choose unexpected key agreement group | OpenSSL | 5.3 | - | 2026-03-13
CVE-2025-10693 | Silicon Labs Z-Wave PIR Sensor Joins Network as Non-Secure | Silicon Labs Z-Wave SDK | 6.5 | - | 2025-10-31
CVE-2025-59270 | psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse | psPAS | 3.1 | Low | 2025-09-16
CVE-2025-36582 | Dell NetWorker security vulnerability | NetWorker | 4.8 | Medium | 2025-07-01
CVE-2024-8773 | Protocol Downgrade in SIMPLE.ERP | SIMPLE.ERP | 9.1 (AI) | Critical (AI) | 2025-03-24
CVE-2024-4995 | Protocol Downgrade in Wapro ERP Desktop | Wapro ERP Desktop | 9.1 | - | 2024-12-18
CVE-2024-20069 | MediaTek chipset security vulnerability | MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8675, MT8771, MT8791T, MT8797 | 6.5 (AI) | Medium (AI) | 2024-06-03
CVE-2022-33160 | IBM Security Directory Suite information disclosure | Security Directory Suite | 3.7 | Low | 2023-10-06
CVE-2023-2974 | Quarkus-core: TLS protocol configured with quarkus.http.ssl.protocols is not enforced; client can force a weaker supported TLS protocol | Red Hat build of Quarkus 2.13.8.Final | 6.5 | Medium | 2023-07-04
CVE-2022-23000 | Weak Default SSL use in Port Forwarding Service | My Cloud | 7.3 | High | 2022-07-25
CVE-2018-25029 | Z-Wave security vulnerability | Z-Wave | 8.1 | - | 2022-02-04
CVE-2021-36326 | Dell EMC Streaming Data Platform security vulnerability | Dell EMC Streaming Data Platform | 6.5 | Medium | 2021-11-30
CVE-2020-16200 | Philips Clinical Collaboration Platform Algorithm Downgrade | Clinical Collaboration Platform | 6.5 | Medium | 2020-09-18
CVE-2020-10135 | Bluetooth devices supporting BR/EDR v5.2 and earlier are vulnerable to impersonation attacks | BR/EDR | 5.4 | Medium | 2020-05-19
CVE-2019-14887 | Red Hat WildFly security vulnerability | wildfly | 7.5 | - | 2020-03-16
CVE-2019-16791 | downgrade of effective Strict Transport Security (STS) policy in postfix-mta-sts-resolver | postfix-mta-sts-resolver | 6.9 | Medium | 2020-01-22
CVE-2017-9267 | eDirectory LDAP peer certificate validation issue | eDirectory | 7.5 | - | 2018-03-02

A "-" in the Severity column means the page gives no rating; "(AI)" reproduces the page's own tag marking that score or rating as AI-generated rather than an official value.

Vulnerabilities classified as CWE-757 (Selection of Less-Secure Algorithm During Negotiation, "Algorithm Downgrade") total 20 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.