• DarkMetatron@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Yeah, Man in the middle attacks are completely uncommon and have never happened. You don’t need vulnerabilities in TLS itself but there are plenty of those, check the CVE list for 2023 alone: https://www.openssl.org/news/vulnerabilities.html#y2023

    You only need a access to a valid certificate authority, no issue for any state actor for example, to interrupt the chain. Yes, there are mechanisms against that but those are so far not really common yet unfortunately.

    And I never said that I do code audits, only that I have the possibility to do it.