U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

man-in-the-middle attack (MitM)

Abbreviation(s) and Synonym(s):

MitM
MITM
MitMA

Definition(s):

  A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association.
Source(s):
CNSSI 4009-2015 from IETF RFC 4949 Ver 2

  An attack that occurs when an adversary deceives an SS/MS to appear as a legitimate BS while simultaneously deceiving a BS to appear as a legitimate SS/MS. This may allow an adversary to act as a pass-through for all communications and to inject malicious traffic into the communications stream.
Source(s):
NIST SP 800-127 [Withdrawn] under Man-in-the-middle (MITM)

  An attack in which an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them. In the context of authentication, the attacker would be positioned between claimant and verifier, between registrant and CSP during enrollment, or between subscriber and CSP during authenticator binding.
Source(s):
NIST SP 800-63-3 under Man-in-the-Middle Attack (MitM)
NIST SP 1800-21B under Person (Man)-in-the-Middle Attack from NIST SP 800-63-3

  An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them.
Source(s):
NISTIR 7711 under Man-In-The-Middle

  An attack on the authentication protocol run in which the Attacker positions himself or herself in between the Claimant and Verifier so that he can intercept and alter data traveling between them.
Source(s):
NIST SP 800-63-2 [Superseded] under Man-in-the-Middle Attack (MitM)