TLS Downgrade Attack

We will focus on TLS Downgrade attack method in this post where we will learn about what and how to detect the attack.

TLS Downgrade attack is an attack that leverages a leak of side-channel from cache access timings. The attack will try to break the RSA key exchanges from TLS implementations.

The picture above is been taken from a plugin that provides a warning about one of the website that didn’t use Secure Connection. The user has been warned about the website and the user view the website with their own risk.

From a Security Profesional perspective, there are several ways to ensure that the website is well protected with TLS been implemented into the website itself.

One of the ways is that scanning the website using sslscan tools where it will query SSL services such as HTTPS and SMTP which supporting STARTTLS that has been implemented within the website.

sslscan has also been created to be an easy, lean and quick for Security Professional to detect any TLS vulnerabilities on the website. Below are the example of SSLscan result of the website that I tested

The command for this is sslscan <website name>

Another way to detect TLS usage is by using the tool nmap. Nmap is been used whenever the tester wants to discover the host and services on the target’s network. The progress is by sending a lot of packets to target and then analyze the responses.

Nmap -v -A <website name> :443


A system administrator needs to upgrade their TLS to the latest version to avoid the attacker to compromise. They also can implement HTTP Strict Transport Security (HSTS) header because it will enforce all connection of the domain to use the TLS and original certification.

Source: Mobile Top 10 2016-M2-Insecure Data Storage

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *