Common Weakness Enumeration

CWE-300

Discouraged

Channel Accessible by Non-Endpoint

Abstraction: Class · Status: Draft

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

95 vulnerabilities reference this CWE, most recent first.

GHSA-FX6X-H9G4-56F8

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2023-08-22 14:31
VLAI
Summary
containernetworking/plugins vulnerable to MitM attacks
Details

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containernetworking/plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-10749"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-300"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-13T20:04:42Z",
    "nvd_published_at": "2020-06-03T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.",
  "id": "GHSA-fx6x-h9g4-56f8",
  "modified": "2023-08-22T14:31:14Z",
  "published": "2022-05-24T17:19:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10749"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containernetworking/plugins"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containernetworking/plugins/releases/tag/v0.8.6"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "containernetworking/plugins vulnerable to MitM attacks"
}

GHSA-G465-XM3V-VHJ4

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-300"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-26T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.",
  "id": "GHSA-g465-xm3v-vhj4",
  "modified": "2022-05-13T01:36:33Z",
  "published": "2022-05-13T01:36:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6052"
    },
    {
      "type": "WEB",
      "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98033"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCP8-45QV-X5W6

Vulnerability from github – Published: 2025-02-06 21:32 – Updated: 2025-02-06 21:32
VLAI
Details

2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-300"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-06T20:15:39Z",
    "severity": "HIGH"
  },
  "details": "2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices.",
  "id": "GHSA-gcp8-45qv-x5w6",
  "modified": "2025-02-06T21:32:09Z",
  "published": "2025-02-06T21:32:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47258"
    },
    {
      "type": "WEB",
      "url": "https://www.2n.com/en-GB/download/cve_2024_47258_acom_3_3_v1pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H2F7-G9RH-RR7G

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-10-26 12:00
VLAI
Details

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-300"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-03T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition",
  "id": "GHSA-h2f7-g9rh-rr7g",
  "modified": "2022-10-26T12:00:40Z",
  "published": "2022-05-24T19:03:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32926"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HWXF-WJQ7-J3HM

Vulnerability from github – Published: 2023-12-23 15:30 – Updated: 2025-11-04 18:30
VLAI
Details

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-300"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-23T13:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.",
  "id": "GHSA-hwxf-wjq7-j3hm",
  "modified": "2025-11-04T18:30:45Z",
  "published": "2023-12-23T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7008"
    },
    {
      "type": "WEB",
      "url": "https://github.com/systemd/systemd/issues/25676"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2463"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3203"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-7008"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222261"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222672"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20241122-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3RQ-4XJW-XG63

Vulnerability from github – Published: 2023-12-04 23:13 – Updated: 2023-12-04 23:13
VLAI
Summary
Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks
Details

Impact

Any CLI command issued to a Coordinator after the Manifest has been set, is susceptible to be redirected to another MarbleRun Coordinator instance, which runs the same binary, but potentially a different manifest.

Patches

The issue has been patched in v1.4.0

Workarounds

Directly using the REST API of the Coordinator and manually verifying and pinning the certificate to a set Manifest avoids the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/edgelesssys/marblerun"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-300"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-04T23:13:42Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nAny CLI command issued to a Coordinator after the Manifest has been set, is susceptible to be redirected to another MarbleRun Coordinator instance, which runs the same binary, but potentially a different manifest.\n\n### Patches\n The issue has been patched in [`v1.4.0`](https://github.com/edgelesssys/marblerun/releases/tag/v1.4.0)\n\n### Workarounds\n\nDirectly using the REST API of the Coordinator and manually verifying and pinning the certificate to a set Manifest avoids the issue.\n",
  "id": "GHSA-j3rq-4xjw-xg63",
  "modified": "2023-12-04T23:13:42Z",
  "published": "2023-12-04T23:13:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/edgelesssys/marblerun/security/advisories/GHSA-j3rq-4xjw-xg63"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/edgelesssys/marblerun"
    },
    {
      "type": "WEB",
      "url": "https://github.com/edgelesssys/marblerun/releases/tag/v1.4.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks"
}

GHSA-J94P-GV3V-CG5Q

Vulnerability from github – Published: 2025-04-08 15:31 – Updated: 2025-04-08 15:31
VLAI
Details

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50565"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-300"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-08T14:15:31Z",
    "severity": "LOW"
  },
  "details": "A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device",
  "id": "GHSA-j94p-gv3v-cg5q",
  "modified": "2025-04-08T15:31:05Z",
  "published": "2025-04-08T15:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50565"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M4HR-5G26-HJJ4

Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-04 18:31
VLAI
Details

A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23810"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-300"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T17:16:19Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim\u0027s BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.",
  "id": "GHSA-m4hr-5g26-hjj4",
  "modified": "2026-03-04T18:31:53Z",
  "published": "2026-03-04T18:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23810"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MG63-673F-RG9P

Vulnerability from github – Published: 2025-02-06 15:32 – Updated: 2025-02-06 15:32
VLAI
Details

Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-300"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-06T13:15:38Z",
    "severity": "MODERATE"
  },
  "details": "Identity verification vulnerability in the ParamWatcher module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-mg63-673f-rg9p",
  "modified": "2025-02-06T15:32:52Z",
  "published": "2025-02-06T15:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12602"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2025/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MMR9-P6PG-2MP3

Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30
VLAI
Details

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system.

This vulnerability is due to insufficient input validation. An authenticated attacker with read-only privileges on the SD-WAN Manager system could exploit this vulnerability by sending a crafted request to the CLI of the SD-WAN Manager. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-300"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-07T18:15:36Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system.\n\nThis vulnerability is due to insufficient input validation. An authenticated attacker with read-only privileges on the SD-WAN Manager system could exploit this vulnerability by sending a crafted request to the CLI of the SD-WAN Manager. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.",
  "id": "GHSA-mmr9-p6pg-2mp3",
  "modified": "2025-05-07T18:30:48Z",
  "published": "2025-05-07T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20122"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Always fully authenticate both ends of any communications channel.

Mitigation
Architecture and Design

Adhere to the principle of complete mediation.

Mitigation
Implementation

A certificate binds an identity to a cryptographic key to authenticate a communicating party. Often, the certificate takes the encrypted form of the hash of the identity of the subject, the public key, and information such as time of issue or expiration using the issuer's private key. The certificate can be validated by deciphering the certificate with the issuer's public key. See also X.509 certificate signature chains and the PGP certification structure.

CAPEC-466: Leveraging Active Adversary in the Middle Attacks to Bypass Same Origin Policy

An attacker leverages an adversary in the middle attack (CAPEC-94) in order to bypass the same origin policy protection in the victim's browser. This active adversary in the middle attack could be launched, for instance, when the victim is connected to a public WIFI hot spot. An attacker is able to intercept requests and responses between the victim's browser and some non-sensitive website that does not use TLS.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-589: DNS Blocking

An adversary intercepts traffic and intentionally drops DNS requests based on content in the request. In this way, the adversary can deny the availability of specific services or content to the user even if the IP address is changed.

CAPEC-590: IP Address Blocking

An adversary performing this type of attack drops packets destined for a target IP address. The aim is to prevent access to the service hosted at the target IP address.

CAPEC-612: WiFi MAC Address Tracking

In this attack scenario, the attacker passively listens for WiFi messages and logs the associated Media Access Control (MAC) addresses. These addresses are intended to be unique to each wireless device (although they can be configured and changed by software). Once the attacker is able to associate a MAC address with a particular user or set of users (for example, when attending a public event), the attacker can then scan for that MAC address to track that user in the future.

CAPEC-613: WiFi SSID Tracking

In this attack scenario, the attacker passively listens for WiFi management frame messages containing the Service Set Identifier (SSID) for the WiFi network. These messages are frequently transmitted by WiFi access points (e.g., the retransmission device) as well as by clients that are accessing the network (e.g., the handset/mobile device). Once the attacker is able to associate an SSID with a particular user or set of users (for example, when attending a public event), the attacker can then scan for this SSID to track that user in the future.

CAPEC-615: Evil Twin Wi-Fi Attack

Adversaries install Wi-Fi equipment that acts as a legitimate Wi-Fi network access point. When a device connects to this access point, Wi-Fi data traffic is intercepted, captured, and analyzed. This also allows the adversary to use "adversary-in-the-middle" (CAPEC-94) for all communications.

CAPEC-662: Adversary in the Browser (AiTB)

An adversary exploits security vulnerabilities or inherent functionalities of a web browser, in order to manipulate traffic between two endpoints.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.