Man-In-The-Middle

Overview#

A Man-In-The-Middle (MiTM) is an Attacker or an Observer positioned between the Protocol Client and the Protocol Server.

A Man-In-The-Middle is an Observer in End-to-End Communications.

A Man-In-The-Middle Attacker is typically attempting impersonation of the Protocol Client or the Protocol Server.

Secure connections are methods that attempt to prevent Man-In-The-Middle.

Man-In-The-Middle and TLS#

When a password is used, a Man-In-The-Middle attack over TLS is possible only if the client ignores the warning that the server Certificate Fingerprint has changed. In this case the client would unknowingly create a connection to the attacker, who, as the endpoint of that connection, can read the plaintext password as entered by the user and can then forward the data to the original server.

However, this is an End-User and Human Limitation.
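
The fingerprint check described above, as an added example that is not part of the original page: a trust-on-first-use pin store that refuses the connection when the server Certificate Fingerprint changes, rather than showing a warning the user can dismiss. The function names, the host `server.example`, the choice of SHA-256 and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


class FingerprintChanged(Exception):
    """The server presented a certificate that does not match the stored pin."""


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def check_pin(pins: dict, host: str, cert_der: bytes) -> str:
    """Trust-on-first-use check that fails closed when the fingerprint changes.

    Returns "pinned" on first contact and "match" afterwards; raises
    FingerprintChanged instead of offering a warning that can be ignored.
    """
    seen = fingerprint(cert_der)
    known = pins.get(host)
    if known is None:
        pins[host] = seen          # first contact: remember the fingerprint
        return "pinned"
    if hmac.compare_digest(known, seen):
        return "match"
    raise FingerprintChanged(f"{host}: expected {known}, got {seen}")


def peer_cert_der(host: str, port: int = 443) -> bytes:
    """Fetch the DER certificate a live server presents (needs network access)."""
    ctx = ssl.create_default_context()   # normal chain and hostname checks stay on
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def demo() -> list:
    # Constructed byte strings standing in for DER certificates.
    genuine, substituted = b"constructed-server-cert", b"constructed-other-cert"
    pins, results = {}, []
    for cert in (genuine, genuine, substituted):
        try:
            results.append(check_pin(pins, "server.example", cert))
        except FingerprintChanged:
            results.append("refused")   # no password is sent on this path
    return results
```

A refused connection leaves the stored pin untouched, so the genuine server still matches on the next attempt.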
