Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
Symantec Scan Engine 220.127.116.11, and possibly other versions before 18.104.22.168, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
Skill or Knowledge Level: Medium
This attack can get sophisticated since the attack may use cryptography.
The attacker can try to get the public-keys of the victims.
There are free software tool to perform man in the middle attack (packet analysis, etc.)
Get your Public Key signed by a Certificate Authority
Encrypt your communication using cryptography (SSL,...)
Use Strong mutual authentication to always fully authenticate both ends of any communications channel.
Exchange public keys using a secure channel
[R.94.1] [REF-3] "Common Weakness Enumeration (CWE)". CWE-300 - Man-in-the-middle (MITM). Draft. The MITRE Corporation. 2007. <http://cwe.mitre.org/data/definitions/300.html>.
[R.94.2] M. Bishop. "Computer Security: Art and Science". Addison-Wesley. 2003.
More information is available — Please select a different filter.