Endpoint Impersonation in an Encrypted Communication Channel
Variants:
Direct
Also Known As:
Lack of Certificate Validation
Vector Type:
Attack
Relevance:
Generic
Layer:
Web-Infrastructure-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Communication Encryption, Authentication Verification
Invented In:
01/02/1995
Added In:
22/12/2014
Vector Operation Method:
Lack of client-server certificate validation can enable attackers with access to the network to impersonate the various parties.
