Eavesdropping is the unauthorized disclosure of sensitive information that might result directly in a critical security breach or be used in follow-on attacks.

If an attacker has compromised the underlying operating system or the network infrastructure, then the attacker might be able to record and capture Messages. It may be beyond the capability of a Client or Server to recover from a compromised operating system.

Eavesdropping impacts Confidentiality directly and, if session establishment is not secured, Authentication and Authorization. It also indirectly threatens all other security objectives.

See 5.1.3 for the reconciliation of this threat.