Man-in-the-Middle Attack

medium

mitm-attack

Attacker intercepts and potentially modifies communication between two connected services

TamperingInformation DisclosureSpoofing

MITRE ATT&CK techniques

ID	Name	Tactic
T1557	Adversary-in-the-Middle	Credential Access
T1040	Network Sniffing	Credential Access

Common Weakness Enumeration

Mitigating controls

ctrl-mitm-1: Encrypt all traffic using TLS 1.2 or higher
ctrl-mitm-2: Implement mutual TLS (mTLS) authentication
ctrl-mitm-3: Use certificate pinning where applicable
ctrl-mitm-4: Implement network segmentation

References

https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html