CAPEC-94

Meta Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: High Severity: Very High
Adversary in the Middle (AiTM)

Description

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.

Prerequisites

There are two components communicating with each other.

An attacker is able to identify the nature and mechanism of communication between the two target components.

An attacker can eavesdrop on the communication between the target components.

Strong mutual authentication is not used between the two target components yielding opportunity for attacker interposition.

The communication occurs in clear (not encrypted) or with insufficient and spoofable encryption.

Mitigations

Ensure Public Keys are signed by a Certificate Authority

Encrypt communications using cryptography (e.g., SSL/TLS)

Use Strong mutual authentication to always fully authenticate both ends of any communications channel.

Exchange public keys using a secure channel

Skills Required

[Medium] This attack can get sophisticated since the attack may use cryptography.