How to Address Man-In-The-Middle Vulnerability ?

Navigate to 'Administration'-> 'Options Manager'-> 'Security'

  a. Enable the 'use_encrypted_sid_and_cookie' option by installing 
     it. This option uses the encrypted Session ID and cookie to 
     prevent spoofing and Man-in-the-middle attack. By default, this
     option is disabled. 
    b. Enable 'force_browser_to_send_cookie_only_in_ssl_connection'
     feature to work only on SSL connection. If enabled, CA SDM can
     only be accessed through an SSL connection.