| CAPEC | Related Weakness |
| Leveraging Active Man in the Middle Attacks to Bypass Same Origin Policy |
| CWE-300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') |
|
| Utilizing REST's Trust in the System Resource to Register Man in the Middle |
|
| Man in the Middle Attack |
| CWE-287 | Improper Authentication |
| CWE-290 | Authentication Bypass by Spoofing |
| CWE-294 | Authentication Bypass by Capture-replay |
| CWE-300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') |
| CWE-593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created |
| CWE-724 | |
|
