Change machine-in-the-middle to man-in-the-middle

2025-12-24 04:36:35 +01:00 · 2022-07-22 11:11:43 +01:00
parent 04df556861
commit 79b1f24133
2 changed files with 2 additions and 2 deletions
--- a/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.qhelp
+++ b/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.qhelp
@@ -5,7 +5,7 @@
 <overview>
 <p>
 If the <code>onReceivedSslError</code> method of an Android <code>WebViewClient</code> always calls <code>proceed</code> on the given <code>SslErrorHandler</code>, it trusts any certificate. 
-This allows an attacker to perform a machine-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.
+This allows an attacker to perform a man-in-the-middle attack against the application, therefore breaking any security Transport Layer Security (TLS) gives.
 </p>

 <p>
--- a/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql
+++ b/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql
@@ -1,6 +1,6 @@
 /**
 * @name Android `WebView` that accepts all certificates
- * @description Trusting all certificates allows an attacker to perform a machine-in-the-middle attack.
+ * @description Trusting all certificates allows an attacker to perform a man-in-the-middle attack.
 * @kind problem
 * @problem.severity error
 * @security-severity 7.5