Jake's vulnerability scanner reports that the software his organization is running is vulnerable to a cryptographic downgrade attack. What concern should Jake have about this potential issue?
Answer Options
A. Attackers may be able to force use of a weaker encryption algorithm, making data easier to access.
B. Attackers may be able to force use of weaker hashing, making it easier to recover passwords.
C. Attackers may be able to force use of older versions of the software, including previously patched vulnerabilities.
D. Attackers may be able to force encryption to be turned off, causing information to be sent in plain text.
Correct Answer: A
Explanation
Cryptographic downgrade attacks like POODLE, FREAK, and Logjam all rely on flaws that cause software to use weaker encryption options. An attacker who captures traffic protected by the weaker encryption may then be able to decrypt and read it. These attacks do not allow hashing changes to recover passwords, reversion to old versions of software, or encryption to be entirely turned off.