The sslstrip tool takes advantage of this security oversight — it allows an attacker to intercept traffic before the upgrade takes place, replacing HTTPS URLs in login forms (for example) with their HTTP equivalents.
sslstrip
