When you click through the error for a self-signed certificate and connect to the HTTPS server regardless, the certificate can be replaced by another self-signed certificate and you wouldn't notice, unless you have viewed the certificate hash (fingerprint) or the public key's hash (fingerprint) and verified that it is the same value as last time (a time when you were reasonably sure you were not MiTM'd). In general, a TLS MiTM can replace one self-signed cert with another and then see all your traffic.
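The fingerprint comparison described above can be automated as a trust-on-first-use check. This is an added example, not code from the original post; the host name `intranet.example`, the function names and the two sample byte strings (constructed stand-ins for DER-encoded certificates) are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate (the certificate hash)."""
    return hashlib.sha256(der).hexdigest()

def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate without chain validation, since a
    self-signed certificate would fail it. The pin check below is what
    provides the assurance instead."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def check_pin(store: dict, host: str, der: bytes) -> str:
    """Record the fingerprint on first use, then require it to match.
    The first use must happen when you are reasonably sure of the path."""
    seen = fingerprint(der)
    pinned = store.get(host)
    if pinned is None:
        store[host] = seen
        return "first-use"
    # A mismatch never overwrites the stored pin.
    return "match" if hmac.compare_digest(pinned, seen) else "MISMATCH"

# Constructed sample data: opaque bytes standing in for two different
# DER-encoded self-signed certificates presented for the same host.
CERT_ORIGINAL = b"constructed-sample-der-certificate-A"
CERT_SWAPPED = b"constructed-sample-der-certificate-B"

def demo() -> list:
    store = {}
    host = "intranet.example"           # hypothetical host name
    return [
        check_pin(store, host, CERT_ORIGINAL),   # first visit
        check_pin(store, host, CERT_ORIGINAL),   # same certificate again
        check_pin(store, host, CERT_SWAPPED),    # certificate was replaced
    ]

if __name__ == "__main__":
    print(demo())
```

Against a live server, pass `fetch_der(host)` as the `der` argument and keep `store` somewhere persistent between runs.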