Revert "Replace PitM with MitM"
This reverts commit 23276e0.

Reverting to keep acronym as PitM.
RRudder committed Nov 27, 2023
1 parent 23276e0 commit 749d754
Showing 12 changed files with 12 additions and 12 deletions.
Expand Up @@ -13,7 +13,7 @@ This RFH misconfiguration can result in reputational damage and indirect financi
## Steps to Reproduce

1. Setup {{hardware}} and {{software}} to interact with the RF layer of {{target}}
1. Perform a Man-in-the-Middle (MitM) attack by doing {{action}}, using {{hardware}} and {{software}}
1. Perform a Person-in-the-Middle (PitM) attack by doing {{action}}, using {{hardware}} and {{software}}
1. Attempt to bypass the encryption by {{action}} or using meta data from the intercepted messages to decode/decrypt the communication

## Proof of Concept (PoC)
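Review bot: the unchanged step 3 in this hunk reads "by {{action}} or using meta data from the intercepted messages"; "meta data" should be one word, "metadata", and the two alternatives should be parallel ("by {{action}}, or by using metadata from the intercepted messages to decode or decrypt the communication"). Worth a follow-up so the RF template reads cleanly alongside the restored PitM wording in step 2.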
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Session tokens help a server trust that the requests it is receiving come from a specific authenticated user. When a session token is transmitted in cleartext over an unencrypted channel, it can be intercepted via a Man-in-the-Middle (MitM) attack. This application transmits the session token via a cleartext transmission which can allow an attacker to access the session token via a PitM attack and send requests to the server pretending to be the legitimate user.
Session tokens help a server trust that the requests it is receiving come from a specific authenticated user. When a session token is transmitted in cleartext over an unencrypted channel, it can be intercepted via a Person-in-the-Middle (PitM) attack. This application transmits the session token via a cleartext transmission which can allow an attacker to access the session token via a PitM attack and send requests to the server pretending to be the legitimate user.

## Business Impact
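Review bot: restoring PitM here is the right call for consistency, since the unchanged second sentence of this paragraph already says "via a PitM attack", so the reverted commit had left the same paragraph using both acronyms. Separately, "transmits the session token via a cleartext transmission" is redundant; suggest "transmits the session token in cleartext, which can allow an attacker to obtain it via a PitM attack".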

Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

When sensitive data is transmitted in cleartext over an unencrypted channel, it can be intercepted via a Man-in-the-Middle (MitM) attack. An attacker can send requests to the server pretending to be the legitimate user by using a PitM attack to access the sensitive data.
When sensitive data is transmitted in cleartext over an unencrypted channel, it can be intercepted via a Person-in-the-Middle (PitM) attack. An attacker can send requests to the server pretending to be the legitimate user by using a PitM attack to access the sensitive data.

## Business Impact
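Review bot: the unchanged second sentence ties impersonation directly to the interception ("send requests to the server pretending to be the legitimate user by using a PitM attack to access the sensitive data"), but intercepted data only enables impersonation when it contains credentials or session material. Suggest separating the two consequences: disclosure of the sensitive data itself, and impersonation where the intercepted data includes authentication material.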

Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files being downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application without encryption or a secure integrity check, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Man-in-the-Middle (MitM) attack. An attacker could also download a malicious executable instead of the intended file. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user.
Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files being downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application without encryption or a secure integrity check, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Person-in-the-Middle (PitM) attack. An attacker could also download a malicious executable instead of the intended file. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user.

## Business Impact
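Review bot: grammar in the unchanged first sentence: "when executable files are able to be downloaded as it increases the chances of malicious files being downloaded and executing in the system" reads awkwardly; suggest "when executable files can be downloaded, since this increases the chance of malicious files being downloaded and executed on the system or on an end user's device". The acronym change itself matches the repository convention stated in the commit message.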

Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application without encryption, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Man-in-the-Middle (MitM) attack. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user.
Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application without encryption, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Person-in-the-Middle (PitM) attack. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user.

## Business Impact
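Review bot: "the chances of malicious files downloaded and executing in the system" in the unchanged first sentence is missing "being" (the sibling executable-download template on this page reads "malicious files being downloaded and executing"). Suggest aligning the three executable-download overviews on one wording so the only difference between them is the missing control each one describes.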

Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files being downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Man-in-the-Middle (MitM) attack. An attacker could also download a malicious executable instead of the intended file. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user.
Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files being downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Person-in-the-Middle (PitM) attack. An attacker could also download a malicious executable instead of the intended file. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user.

## Business Impact
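Review bot: the second sentence of this hunk, "An executable file can be downloaded within this application, enabling an attacker to observe the contents of the downloaded file through a network sniffing or PitM attack", no longer names the missing control; the other two executable-download overviews on this page say "without encryption" or "without encryption or a secure integrity check". As written, the download alone is presented as the cause of interception. Suggest stating which protection is absent, or, if this is meant to be the generic variant, making that explicit in the template.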

Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

When data is transmitted over unencrypted channels, it can be intercepted via a Man-in-the-Middle (MitM) attack. An attacker can then gather user data and potentially send requests to the server pretending to be the legitimate user, or otherwise collect sensitive user data.
When data is transmitted over unencrypted channels, it can be intercepted via a Person-in-the-Middle (PitM) attack. An attacker can then gather user data and potentially send requests to the server pretending to be the legitimate user, or otherwise collect sensitive user data.

## Business Impact
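Review bot: the unchanged second sentence says the same thing twice ("gather user data" and "or otherwise collect sensitive user data"). Suggest "An attacker can then collect sensitive user data and, where that data includes authentication material, send requests to the server as the legitimate user."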

Expand Up @@ -4,7 +4,7 @@

Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. Sockets Layer (SSL) pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy.

Without SSL certificate pinning, an attacker could perform a Man-in-the-Middle (MitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users.
Without SSL certificate pinning, an attacker could perform a Person-in-the-Middle (PitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users.

## Business Impact
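Review bot: two issues in the unchanged context line of this hunk. "Sockets Layer (SSL) pinning" is missing the leading "Secure" (the misconfigured-pinning template on this page has it right). And "validate the server's CA certificate against a known copy" muddles what is pinned: pinning compares the server's certificate or public key (or a chosen CA certificate in its chain) with a value embedded in the app; suggest "validate the server's certificate or public key against a known copy".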

Expand Up @@ -4,7 +4,7 @@

Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. Sockets Layer (SSL) pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy.

When SSL certificate pinning is defeatable, an attacker could perform a Man-in-the-Middle (MitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users.
When SSL certificate pinning is defeatable, an attacker could perform a Person-in-the-Middle (PitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users.

## Business Impact
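Review bot: same context-line typo as the first pinning template, "Sockets Layer (SSL)" should be "Secure Sockets Layer (SSL)". Also "When SSL certificate pinning is defeatable" is unusual phrasing; suggest "When SSL certificate pinning can be bypassed". The restored PitM acronym is consistent with the unchanged "through a PitM attack" later in the same paragraph.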

Expand Up @@ -4,7 +4,7 @@

Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. Secure Sockets Layer (SSL) pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy.

When SSL certificate pinning is misconfigured, an attacker could perform a Man-in-the-Middle (MitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users.
When SSL certificate pinning is misconfigured, an attacker could perform a Person-in-the-Middle (PitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users.

## Business Impact
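Review bot: "validate the server's CA certificate against a known copy" in the unchanged context line is imprecise: pinning fixes the expected server certificate or public key (or a CA in the chain) inside the app, so suggest "validate the server's certificate or public key against a known copy". The restored PitM acronym matches the unchanged "through a PitM attack" in the second paragraph.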

Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

When telnet is enabled, all data sent over the connection is unsecured as telnet transmits all data via plain text. An attacker could perform a Man-in-the-Middle (MitM) attack and access sensitive data being transmitted via the telnet connection. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users.
When telnet is enabled, all data sent over the connection is unsecured as telnet transmits all data via plain text. An attacker could perform a Person-in-the-Middle (PitM) attack and access sensitive data being transmitted via the telnet connection. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users.

## Business Impact
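Review bot: the paragraph says telnet "transmits all data via plain text" (one word, "plaintext", is the usual term) but then frames the exposure only as a PitM attack; with an unencrypted protocol, passive capture by anyone on the network path is enough to read the session, no active interposition required. Suggest "An attacker on the network path could capture the telnet session, or perform a PitM attack against it, and access sensitive data being transmitted."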

Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

A lack of the HTTP response header for `Public-Key-Pins` can lead to sensitive user data being retrieved by an advanced attacker through Man-in-the-Middle (MitM) attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Public-Key-Pins` security header is used in legacy versions of browsers to prevent clients from loading reflected XSS attacks.
A lack of the HTTP response header for `Public-Key-Pins` can lead to sensitive user data being retrieved by an advanced attacker through Person-in-the-Middle (PitM) attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Public-Key-Pins` security header is used in legacy versions of browsers to prevent clients from loading reflected XSS attacks.

An advanced attacker can leverage a missing `Public-Key-Pins` header to forge certificates and gain access to data through a PitM attack.
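Review bot: the unchanged sentence "the `Public-Key-Pins` security header is used in legacy versions of browsers to prevent clients from loading reflected XSS attacks" is incorrect and contradicts the first sentence of the same paragraph. HTTP Public Key Pinning told the browser which public keys to expect in the site's certificate chain so that a certificate issued by a compromised or rogue CA would be rejected, which is exactly the PitM protection the paragraph describes; reflected XSS filtering belongs to a different header. Suggest replacing that sentence with one describing pinning, and since the header is deprecated and ignored by current browsers, the "legacy versions" qualifier should say so explicitly.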
