The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
1
cwe_id
757
name
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
description
A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.