On 4/28/20 2:30 PM, Bernd Zeimetz wrote:
> On 4/27/20 2:49 AM, Paride Legovini wrote:
>> An active MITM attack is way more complicated than just sniffing and
>> storing traffic for later analysis. Changing the 2FA or password is not
>> a great strategy, as you would immediately realize what's going on.
>> Silently gaining access to an account allows to act when the conditions
>> are the best from the attacker's point of view.
>
> Exactly.
> An attacker would gain access to a few accounts, wait and see what they
> can do with the gained permissions in the long run. And at some point
> compromise something.
>
> 2FA stops this kind of attacks completely. Without a current 2fa token,
> your password knowledge is useless.
>
> Gaining access with a MITM attack once gives you a very short amount of
> time to do whatever you want to do, as your login will be gone as soon
> as the next login without MITM happens.

That's not the case. An MITM attack could gain a session and maintain it
open, while the end user would just notice "oh shit, I mistyped the 2FA
numbers, let's try again". Then the only thing the attacker needs to do
is keep the session open to not lose access...

Cheers,

Thomas Goirand (zigo)