Overview#

Man-In-The-Middle (MiTM) is an Attacker or an Observer which is between the Protocol Client and the Protocol Server.

Man-In-The-Middle is a Observer in End-to-End Communications

A Man-In-The-Middle Attacker is typically trying for impersonation of the Protocol Client or the Protocol Server.

Secure connections are methods to attempt to prevent Man-In-The-Middle

Man-In-The-Middle and TLS#

Man-In-The-Middle attack over TLS is possible if a password is used only if the client ignores the warning that the server Certificate Fingerprint has changed. In this case the client would unknowingly create a connection to the attacker, which as the endpoint of the connection can read the plain password as entered by the user and then can forward the data to the original server.

However, this is a End-User and Human Limitation

More Information#

There might be more information for this subject on one of the following:

• Active attacker
• Anonymous Cipher Suite
• Authenticated Protected Channel
• CRAM-MD5
• Cell-Site Simulators
• Certificate Pinning
• Certificate Validation
• Channel Binding
• ClientKeyExchange
• Code injection
• CryptoAPI
• DNS over HTTPS
• DNSChain
• Delegation vs Impersonation
• Demonstration of Proof-of-Possession
• Elliptic Curve Menezes-Qu-Vanstone
• Extended Protection for Authentication
• Implicit Grant
• LDAP Connection Maintenance
• LDAP Signing
• LDAPServerIntegrity
• LOA 3
• LOA 4
• Logjam
• M-04-04 Level of Assurance (LOA)
• Malicious Endpoint
• Mallory
• MiTM
• Non-Repudiation
• Opportunistic encryption
• Password Validator
• Password-authenticated Key Agreement
• Password-authenticated Key Exchange
• Perspectives Project
• Proxy
• Proxy Server
• Public Key Infrastructure Weaknesses
• Public Key Pinning Extension for HTTP
• Public Wi-Fi
• QUANTUM
• Quality of Protection
• SSL-TLS Interception
• Secure Socket Layer
• Secure connection
• WebAuthn Authenticator