Errata exists for this version of the document.

Eavesdropping is the unauthorized disclosure of sensitive information that might result directly in a critical security breach or be used in follow-on attacks.

If an attacker has compromised the underlying operating system or the network infrastructure, then the attacker might be able to record and capture Messages. It may be beyond the capability of a Client or Server to recover from a compromised operating system.

Eavesdropping impacts Confidentiality directly and, if session establishment is not secured, Authentication and Authorization as well. It also indirectly threatens all other security objectives.

See 5.1.3 for the reconciliation of this threat.