Update name for the known MITM risk.
Showing with 1 addition and 1 deletion
|...||...||@@ -282,7 +282,7 @@ In a previous version of this document the status codes were different, but due|
|## Known security risks|
|### Man in the middle: decoy provider|
|### Decoy provider (Man in the middle attack)|
|Since the **challenge request** is allowed to be transferred over a medium that is disconnected from the **service provider** it is possible for an attacker to fetch an authentication request that gives them access, and then present this to the user in a way that tricks the user into believing that they are legitimately interacting with the original **service provider** rather than the attacker.|