Attack intercepting communications between two parties. In authentication context, can capture credentials or session tokens. Prevented by TLS and certificate pinning.