SSL Man-in-the-Middle Attacks

by Peter Burkholder
Sept. 1, 2017 0 comments SANS Institute Encryption & Authentication threats/vulnerabilities

TCP/IP protocols have long been subject to man-in-the-middle (MITM) attacks, but the advent of SSL/TLS was supposed to mitigate that risk for web transactions by providing endpoint authentication and encryption. The advent of Dug Song's 'webmitm' in late 2000 demonstrated the feasibility of mounting an MITM attack on the protocol, but a properlyconfigured client SSL implementation would warn the user about problems with the server certificate.

https://www.sans.org/reading-room/whitepapers/threats/ssl-man-in-the-middle-attacks-480