Home >> Taxonomy >> Attacks >> Session hijacking or man in the middle

Session Hijacking (Man-in-the-Middle)

Session hijacking, or man-in-the-middle (MitM) attack, is a security breach where an unauthorized party intercepts and possibly alters communication between a user and a server. This allows the attacker to gain unauthorized access to sensitive information, such as login credentials or session tokens, potentially leading to impersonation and unauthorized account access.

Example

Lenovo faced backlash in 2015 when it was revealed that some of its laptops were pre-installed with adware called Superfish. Superfish used a self-signed root certificate to intercept and inspect encrypted connections, potentially leaving users vulnerable to man-in-the-middle attacks. The presence of this adware not only raised serious security concerns but also led to a loss of trust in Lenovo's products.

Links

• How Lenovo's Superfish 'Malware' Works
• Session Hijacking

Cards

Authorization

• Authorization 7

Session-management

• Session-management 2
• Session-management 3
• Session-management 4
• Session-management 5
• Session-management 6
• Session-management 7
• Session-management 8
• Session-management 9
• Session-management Q
• Session-management K
• Session-management A

View source on GitHub

Loading comments 0%