CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')


The man-in-the-middle attack intercepts a communication between two systems. For example, in an HTTP transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into two new connections, one between the client and the attacker and the other between the attacker and the server. Once the TCP connection is intercepted, the attacker acts as a proxy, able to read, insert and modify the data in the intercepted communication. The MITM attack is very effective because of the nature of the HTTP protocol and data transfer, which are all ASCII based. In this way, it’s possible to view and intervene within the HTTP protocol and also in the data transferred.
After getting access, attackers can read and change application data.
The weakness is introduced during the Architecture and Design stage.
