Commit e4a7f10e authored by Jonathan Silverblood

Update name for the known MITM risk.

parent c0c1f2d4
......@@ -282,7 +282,7 @@ In a previous version of this document the status codes were different, but due
## Known security risks
### Man in the middle: decoy provider
### Decoy provider (Man in the middle attack)
Since the **challenge request** is allowed to be transferred over a medium that is disconnected from the **service provider** it is possible for an attacker to fetch an authentication request that gives them access, and then present this to the user in a way that tricks the user into believing that they are legitimately interacting with the original **service provider** rather than the attacker.
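Review bot: The renamed heading on the added line changes the anchor that Markdown renderers derive from the heading text, so any link to the old "Man in the middle: decoy provider" section, inside this document or from elsewhere, will stop resolving; search for references to the old anchor and update them in the same commit. Since the line is being touched anyway, consider hyphenating it as "Decoy provider (man-in-the-middle attack)". The unchanged paragraph under the heading bolds **challenge request** and then refers to "an authentication request"; if the same object is meant, use one term in both places so the reader does not have to guess.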
......