Downgrade Attack
A downgrade attack is a cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.
- indicators are found in server logs or by intrusion detection systems
Example
- combination of an on-path and downgrade attack on HTTPS
- try to force the client to use:
- a weak version of TLS
- or downgrade to the legacy SSL protocol
- makes it easier for a threat actor to
- force the use of weak cipher suites
- forge the signature of a certificate authority that the client trusts
Kerberoasting Attack
A Kerberoasting attack attempts to discover the passwords that protect service accounts by obtaining service tickets and subjecting them to brute force password cracking attacks.
- type of downgrade attack used to attack Active Directory
- If the credential portion of the service ticket is encrypted using AES
- it is very hard to brute force
- If attack is able to cause the server to return the ticket using weak RC4 encryption
- then can attempt to crack the service password