An interesting approach to a Man-in-the-Middle Attack against a Password Reset System
The PRMitM attack exploits the similarity of the registration and password reset processes to launch a man-in-the-middle (MitM) attack at the application level. The attacker initiates a password reset process with a website and forwards every challenge to the victim, who either wishes to register on the attacking site or to access a particular resource on it.
Source: The Password Reset MitM Attack