This is wrong in two places. I'm not sure if it's already been said, because I'm responding now before incorrect information becomes a meme (I'm already multiple pages too late, sadly). Your CCNA training is narrowly focused on internal Cisco LANs (with good reason, that's what CCNAs mainly deal with). What you're not realizing is that Man-in-the-Middle attacks are a generic computer security term for any attack in which some software stack in between two other software stacks intercepts information. Normally this happens on networks, and normally it is the result of the attack vectors you describe in your post. In this case, the man in the middle is on your own computer.
Just like networks, software on computers communicates with other software on the same computer through specific channels. WoW sends information to Windows (or MacOS) through these internal communications ports, and this information is in turn sent to the network, video card, etc. Windows sends information to WoW through the same channels to give it data about keystrokes, network replies, mouse movements and such. In this case the man in the middle sits on your computer in between the two pieces of software watching the information flow by. It grabs the Authenticator data stream that WoW is sending to Windows intended for the network card, and then falsifies a reply stream saying that the authentication failed. It then takes the Authenticator info that was intended for the Blizzard server and instead sends it to a third party server.
The second place that you're wrong is implying that this indicated Blizzard's network is inherently insecure. I'm not saying that their network IS secure, don't misunderstand me. I have no idea one way or the other. Even if this particular MITM attack were network based, remember that a good chunk of the authentication interface is going over the Public Internet. Even if Blizzard could be 100% sure of its own internal network security, there could still be a MITM vector that grabbed data off of the public portion of the exchange medium.
I hope you don't take this as calling you out or anything. You understand the basics of the most common form of MITM attack, and the way Cisco trains people it's completely understandable that you would not realize the term is more generic than you've been taught. Cisco does an excellent job of certifying people to manage its equipment, but it tends to focus almost entirely on practical, "this is the Cisco way to do this", information, often to the exclusion of theoretical knowledge that can be more helpful when you get into the real world and find out that not everyone uses exclusively Cisco gear :-)
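The local man-in-the-middle the post above describes, modelled as an added example (this is not code from the post, from Blizzard, or from any real malware). Everything in it is constructed: a toy server that accepts a password plus a six-digit time-based code once per 30-second window, a toy client that only knows a "send" function (the way a program only knows the socket API the OS hands it), and an interceptor wired in between those two on the same machine. To keep it self-contained the interceptor uses the captured login itself instead of forwarding it to a third-party server as the post describes; that is an assumption of the example, not a claim about the real attack. The seed, password and frozen clock are invented demo values.

```python
import hashlib
import hmac
import struct

# Constructed demo values; nothing here is Blizzard's real protocol or seed.
DEMO_SEED = b"constructed-demo-authenticator-seed"
DEMO_PASSWORD = "correct-horse-battery"
FIXED_TIME = 1_700_000_000  # frozen clock so the example is deterministic


def totp(seed: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 style time-based code (HMAC-SHA1 with dynamic truncation)."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


class AuthServer:
    """Toy login server: password plus the current code, each code accepted once."""

    def __init__(self, seed: bytes, password: str, now: int) -> None:
        self.seed, self.password, self.now = seed, password, now
        self.used_windows: set = set()

    def login(self, msg: dict) -> dict:
        window = self.now // 30
        if msg["password"] != self.password or msg["code"] != totp(self.seed, self.now):
            return {"ok": False, "reason": "bad credentials"}
        if (msg["user"], window) in self.used_windows:
            return {"ok": False, "reason": "code already used"}
        self.used_windows.add((msg["user"], window))
        return {"ok": True, "session": f"session-for-{msg['user']}"}


class GameClient:
    """Toy client: it is handed a 'send' function and has no way to tell who is behind it."""

    def __init__(self, send) -> None:
        self.send = send

    def login(self, user: str, password: str, code: str) -> dict:
        return self.send({"user": user, "password": password, "code": code})


class LocalInterceptor:
    """Sits between the client and the real send path on the same machine.

    It copies every login message, uses it itself against the real server
    before the victim can, and hands the victim a fabricated failure so the
    victim just retries and nobody looks at the network.
    """

    def __init__(self, real_send) -> None:
        self.real_send = real_send
        self.captured: list = []
        self.attacker_replies: list = []

    def send(self, msg: dict) -> dict:
        self.captured.append(dict(msg))
        self.attacker_replies.append(self.real_send(msg))  # attacker logs in with the stolen code
        return {"ok": False, "reason": "authentication failed"}  # fake reply to the victim


def honest_login() -> dict:
    """Client wired straight to the server: the one-time code works as intended."""
    server = AuthServer(DEMO_SEED, DEMO_PASSWORD, FIXED_TIME)
    client = GameClient(server.login)
    return client.login("victim", DEMO_PASSWORD, totp(DEMO_SEED, FIXED_TIME))


def intercepted_login() -> dict:
    """Same client and server, but with the interceptor in the local path."""
    server = AuthServer(DEMO_SEED, DEMO_PASSWORD, FIXED_TIME)
    mitm = LocalInterceptor(server.login)
    client = GameClient(mitm.send)  # looks exactly like server.login to the client
    code = totp(DEMO_SEED, FIXED_TIME)
    first = client.login("victim", DEMO_PASSWORD, code)
    # The victim sees "authentication failed" and retries with the still-valid code.
    retry = client.login("victim", DEMO_PASSWORD, code)
    return {
        "victim_first": first,
        "victim_retry": retry,
        "attacker": mitm.attacker_replies[0],
        "retry_seen_by_server": mitm.attacker_replies[1],
        "captured_codes": [m["code"] for m in mitm.captured],
    }


if __name__ == "__main__":
    print("direct:", honest_login())
    print("intercepted:", intercepted_login())
```

The point the toy makes is the one the post makes: the server, the network and the Authenticator all behave correctly, yet the attacker ends up with the session and the victim only ever sees a failed login. Neither a one-time code nor a clean network path helps when the interception happens before the message reaches the network stack.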