man-in-the-middle attack (MitM)

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Abbreviations / Acronyms / Synonyms:

MitM

MITM

NIST SP 800-121 Rev. 2

MitMA

Definitions:

  A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association.
Sources:
CNSSI 4009-2015 from IETF RFC 4949 Ver 2

  An attack in which an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them. In the context of authentication, the attacker would be positioned between claimant and verifier, between registrant and CSP during enrollment, or between subscriber and CSP during authenticator binding.
Sources:
NIST SP 1800-21B under Person (Man)-in-the-Middle Attack

  An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them.
Sources:
NISTIR 7711 under Man-In-The-Middle

About

See the identified Source document to understand each term-definition pair in its proper context.

Send inquiries about terminology to the Source's authors; NIST publications will usually include a contact email for that Source.

For other inquiries, such as comments about the Glossary's presentation and functionality, use this link.

See the Glossary homepage for more guidance.