The Password Reset MitM Attack

An interesting approach to a Man-in-the-Middle Attack against a Password Reset System

The PRMitM attack exploits the similarity of the registration and password reset processes to launch a man-in-the-middle (MitM) attack at the application level. The attacker initiates a password reset process with a website and forwards every challenge to the victim, who either wishes to register on the attacking site or to access a particular resource on it.

Source: The Password Reset MitM Attack