diff --git a/submissions/description/automotive_security_misconfiguration/rf_hub/data_leakage_pull_encryption_mechanism/template.md b/submissions/description/automotive_security_misconfiguration/rf_hub/data_leakage_pull_encryption_mechanism/template.md index eeb7cfb8..522e7c90 100644 --- a/submissions/description/automotive_security_misconfiguration/rf_hub/data_leakage_pull_encryption_mechanism/template.md +++ b/submissions/description/automotive_security_misconfiguration/rf_hub/data_leakage_pull_encryption_mechanism/template.md @@ -13,7 +13,7 @@ This RFH misconfiguration can result in reputational damage and indirect financi ## Steps to Reproduce 1. Setup {{hardware}} and {{software}} to interact with the RF layer of {{target}} -1. Perform a Man-in-the-Middle (MitM) attack by doing {{action}}, using {{hardware}} and {{software}} +1. Perform a Person-in-the-Middle (PitM) attack by doing {{action}}, using {{hardware}} and {{software}} 1. Attempt to bypass the encryption by {{action}} or using meta data from the intercepted messages to decode/decrypt the communication ## Proof of Concept (PoC) diff --git a/submissions/description/broken_authentication_and_session_management/cleartext_transmission_of_session_token/template.md b/submissions/description/broken_authentication_and_session_management/cleartext_transmission_of_session_token/template.md index b8cdf8f4..501ec921 100644 --- a/submissions/description/broken_authentication_and_session_management/cleartext_transmission_of_session_token/template.md +++ b/submissions/description/broken_authentication_and_session_management/cleartext_transmission_of_session_token/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Session tokens help a server trust that the requests it is receiving come from a specific authenticated user. When a session token is transmitted in cleartext over an unencrypted channel, it can be intercepted via a Man-in-the-Middle (MitM) attack. This application transmits the session token via a cleartext transmission which can allow an attacker to access the session token via a PitM attack and send requests to the server pretending to be the legitimate user. +Session tokens help a server trust that the requests it is receiving come from a specific authenticated user. When a session token is transmitted in cleartext over an unencrypted channel, it can be intercepted via a Person-in-the-Middle (PitM) attack. This application transmits the session token via a cleartext transmission which can allow an attacker to access the session token via a PitM attack and send requests to the server pretending to be the legitimate user. ## Business Impact diff --git a/submissions/description/insecure_data_transport/cleartext_transmission_of_sensitive_data/template.md b/submissions/description/insecure_data_transport/cleartext_transmission_of_sensitive_data/template.md index d2551892..fa9a8ecf 100644 --- a/submissions/description/insecure_data_transport/cleartext_transmission_of_sensitive_data/template.md +++ b/submissions/description/insecure_data_transport/cleartext_transmission_of_sensitive_data/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -When sensitive data is transmitted in cleartext over an unencrypted channel, it can be intercepted via a Man-in-the-Middle (MitM) attack. An attacker can send requests to the server pretending to be the legitimate user by using a PitM attack to access the sensitive data. +When sensitive data is transmitted in cleartext over an unencrypted channel, it can be intercepted via a Person-in-the-Middle (PitM) attack. An attacker can send requests to the server pretending to be the legitimate user by using a PitM attack to access the sensitive data. ## Business Impact diff --git a/submissions/description/insecure_data_transport/executable_download/no_secure_integrity_check/template.md b/submissions/description/insecure_data_transport/executable_download/no_secure_integrity_check/template.md index f260cba5..99de807c 100644 --- a/submissions/description/insecure_data_transport/executable_download/no_secure_integrity_check/template.md +++ b/submissions/description/insecure_data_transport/executable_download/no_secure_integrity_check/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files being downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application without encryption or a secure integrity check, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Man-in-the-Middle (MitM) attack. An attacker could also download a malicious executable instead of the intended file. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user. +Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files being downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application without encryption or a secure integrity check, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Person-in-the-Middle (PitM) attack. An attacker could also download a malicious executable instead of the intended file. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user. ## Business Impact diff --git a/submissions/description/insecure_data_transport/executable_download/secure_integrity_check/template.md b/submissions/description/insecure_data_transport/executable_download/secure_integrity_check/template.md index 9836e936..45ecc1b0 100644 --- a/submissions/description/insecure_data_transport/executable_download/secure_integrity_check/template.md +++ b/submissions/description/insecure_data_transport/executable_download/secure_integrity_check/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application without encryption, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Man-in-the-Middle (MitM) attack. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user. +Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application without encryption, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Person-in-the-Middle (PitM) attack. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user. ## Business Impact diff --git a/submissions/description/insecure_data_transport/executable_download/template.md b/submissions/description/insecure_data_transport/executable_download/template.md index 6a9fbdcc..5f2486b7 100644 --- a/submissions/description/insecure_data_transport/executable_download/template.md +++ b/submissions/description/insecure_data_transport/executable_download/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files being downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Man-in-the-Middle (MitM) attack. An attacker could also download a malicious executable instead of the intended file. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user. +Risk levels for an application are raised when executable files are able to be downloaded as it increases the chances of malicious files being downloaded and executing in the system, or on an end user’s device. An executable file can be downloaded within this application, enabling an attacker to observe the contents of the downloaded file through a network sniffing or Person-in-the-Middle (PitM) attack. An attacker could also download a malicious executable instead of the intended file. If the downloaded file contains sensitive information, the attacker could use this to perform further attacks on the application or impersonate a user. ## Business Impact diff --git a/submissions/description/insecure_data_transport/template.md b/submissions/description/insecure_data_transport/template.md index 082012c5..6e8ae748 100644 --- a/submissions/description/insecure_data_transport/template.md +++ b/submissions/description/insecure_data_transport/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -When data is transmitted over unencrypted channels, it can be intercepted via a Man-in-the-Middle (MitM) attack. An attacker can then gather user data and potentially send requests to the server pretending to be the legitimate user, or otherwise collect sensitive user data. +When data is transmitted over unencrypted channels, it can be intercepted via a Person-in-the-Middle (PitM) attack. An attacker can then gather user data and potentially send requests to the server pretending to be the legitimate user, or otherwise collect sensitive user data. ## Business Impact diff --git a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/template.md b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/template.md index f35b1115..8d0d0817 100644 --- a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/template.md +++ b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/absent/template.md @@ -4,7 +4,7 @@ Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. Sockets Layer (SSL) pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy. -Without SSL certificate pinning, an attacker could perform a Man-in-the-Middle (MitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. +Without SSL certificate pinning, an attacker could perform a Person-in-the-Middle (PitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. ## Business Impact 
diff --git a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/template.md b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/template.md index 9a81696e..b014e17c 100644 --- a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/template.md +++ b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/defeatable/template.md @@ -4,7 +4,7 @@ Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. Sockets Layer (SSL) pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy. -When SSL certificate pinning is defeatable, an attacker could perform a Man-in-the-Middle (MitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. +When SSL certificate pinning is defeatable, an attacker could perform a Person-in-the-Middle (PitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. ## Business Impact diff --git a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/template.md b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/template.md index d248b1fa..0a27f13e 100644 --- a/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/template.md +++ b/submissions/description/mobile_security_misconfiguration/ssl_certificate_pinning/template.md 
@@ -4,7 +4,7 @@ Mobile security misconfigurations can occur at any level of the application stack and can involve unpatched software, unprotected files or pages, or unauthorized access to the application. Secure Sockets Layer (SSL) pinning adds an extra layer of security for an application as it forces the application to validate the server’s CA certificate against a known copy. -When SSL certificate pinning is misconfigured, an attacker could perform a Man-in-the-Middle (MitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. +When SSL certificate pinning is misconfigured, an attacker could perform a Person-in-the-Middle (PitM) attack on the user. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. ## Business Impact diff --git a/submissions/description/network_security_misconfiguration/telnet_enabled/template.md b/submissions/description/network_security_misconfiguration/telnet_enabled/template.md index e9270fbb..ef991197 100644 --- a/submissions/description/network_security_misconfiguration/telnet_enabled/template.md +++ b/submissions/description/network_security_misconfiguration/telnet_enabled/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -When telnet is enabled, all data sent over the connection is unsecured as telnet transmits all data via plain text. An attacker could perform a Man-in-the-Middle (MitM) attack and access sensitive data being transmitted via the telnet connection. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. +When telnet is enabled, all data sent over the connection is unsecured as telnet transmits all data via plain text. An attacker could perform a Person-in-the-Middle (PitM) attack and access sensitive data being transmitted via the telnet connection. With access to sensitive data through a PitM attack they could perform further attacks on the application, the business, or its users. ## Business Impact diff --git a/submissions/description/server_security_misconfiguration/lack_of_security_headers/public_key_pins/template.md b/submissions/description/server_security_misconfiguration/lack_of_security_headers/public_key_pins/template.md index 926e5747..5f4d8410 100644 --- a/submissions/description/server_security_misconfiguration/lack_of_security_headers/public_key_pins/template.md +++ b/submissions/description/server_security_misconfiguration/lack_of_security_headers/public_key_pins/template.md 
@@ -2,7 +2,7 @@ ## Overview of the Vulnerability -A lack of the HTTP response header for `Public-Key-Pins` can lead to sensitive user data being retrieved by an advanced attacker through Man-in-the-Middle (MitM) attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Public-Key-Pins` security header is used in legacy versions of browsers to prevent clients from loading reflected XSS attacks. +A lack of the HTTP response header for `Public-Key-Pins` can lead to sensitive user data being retrieved by an advanced attacker through Person-in-the-Middle (PitM) attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Public-Key-Pins` security header is used in legacy versions of browsers to prevent clients from loading reflected XSS attacks. An advanced attacker can leverage a missing `Public-Key-Pins` header to forge certificates and gain access to data through a PitM attack.
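Review bot: In server_security_misconfiguration/lack_of_security_headers/public_key_pins/template.md, the rewritten line still says the `Public-Key-Pins` header is used "to prevent clients from loading reflected XSS attacks", which contradicts the following context line about forged certificates and PitM. `Public-Key-Pins` tells the client which public keys to accept for the host; it does not filter reflected XSS. Since the line is being touched anyway, suggest rewording the example sentence to describe key pinning against fraudulently issued certificates, so the overview and the attack sentence agree.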
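Review bot: In mobile_security_misconfiguration/ssl_certificate_pinning/absent/template.md and .../defeatable/template.md, the context paragraph above the changed line reads "Sockets Layer (SSL) pinning", while the parent ssl_certificate_pinning/template.md reads "Secure Sockets Layer (SSL) pinning". Suggest restoring "Secure" in both variants in this same pass so all three templates expand the acronym identically.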
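Review bot: In insecure_data_transport/executable_download/template.md and .../no_secure_integrity_check/template.md, the changed paragraph keeps "An attacker could also download a malicious executable instead of the intended file", which puts the attacker on the receiving end of the download. The risk described is the attacker substituting the file the user receives, so suggest "An attacker could also replace the intended file with a malicious executable in transit". Separately, .../secure_integrity_check/template.md has "malicious files downloaded and executing" where its two siblings read "malicious files being downloaded and executing"; worth aligning while these lines are open.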
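Review bot: In insecure_data_transport/cleartext_transmission_of_sensitive_data/template.md, the second sentence of the changed line ("An attacker can send requests to the server pretending to be the legitimate user by using a PitM attack to access the sensitive data") states impersonation as a general outcome, but that only follows when the intercepted data includes credentials or a session token. Suggest qualifying it, for example "If the intercepted data includes credentials or session tokens, an attacker can send requests to the server pretending to be the legitimate user", which also keeps it distinct from the cleartext_transmission_of_session_token template.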
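Review bot: In automotive_security_misconfiguration/rf_hub/data_leakage_pull_encryption_mechanism/template.md, the steps around the changed line have two small wording issues that could be fixed in the same commit: step 1 uses the noun "Setup" where the verb "Set up" is meant, and step 3 writes "meta data" as two words. Both are in unchanged context lines, so they need their own +/- lines in this hunk.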