Information, Computer and Network Security Terms Glossary and Dictionary

SSL Man-in-the-Middle Attacks

SSL Man-in-the-Middle Attacks refer the MITM attacks through SSL/TLS channles. SSL/TLS was supposed to mitigate that risk for web transactions by providing endpoint authentication and encryption. However, it is discovered in late 2000 the feasibility of mounting a MITM attack on the protocol. One faulty SSL client implementation, Microsoft's Internet Explorer, allows for transparent SSL MITM attacks when the attacker has any CA-signed certificate. An even greater risk is posed by unprotected systems where an attacker can preload his/her own trusted root authority certificates. The mitigation for such attack is to properly configure client SSL that would warn the user about problems with the server certificate.

Related Terms

SSL Man-in-the-Middle Attacks