Errata exists for this version of the document.
See 4.3.11 for a description of this threat.
OPC UA protects user credentials sent over the network by encryption as described in 5.2.5.
OPC UA depends upon the site CSMS to protect against other attacks to gain user credentials, such as password guessing or social engineering.