How to Address a Man-in-the-Middle Vulnerability?
Navigate to 'Administration' -> 'Options Manager' -> 'Security':
a. Enable the 'use_encrypted_sid_and_cookie' option by installing
it. This option uses an encrypted Session ID and cookie to
prevent spoofing and Man-in-the-middle attacks. By default, this
option is disabled.
b. Enable the 'force_browser_to_send_cookie_only_in_ssl_connection'
option so that the browser sends the cookie only over an SSL
connection. When this option is enabled, CA SDM can be accessed
only through an SSL connection.
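
To check that step b took effect, the following added example (not CA SDM code and not from the original page) audits Set-Cookie headers captured from a response for the Secure attribute. It assumes the option causes the server to mark its cookies Secure; the host name and cookie names are constructed.

```python
# Added example: audit captured Set-Cookie headers after enabling
# 'force_browser_to_send_cookie_only_in_ssl_connection'.
# Assumption: with the option on, the server marks its cookies Secure.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs

def audit_cookies(url, set_cookie_headers):
    """Return findings for cookies a browser could send over plain HTTP."""
    findings = []
    if not url.lower().startswith("https://"):
        findings.append(f"response served over a non-SSL URL: {url}")
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} lacks the Secure attribute")
    return findings

# Constructed samples: cookie names and host are hypothetical.
BEFORE = ["SESSIONCOOKIE=abc123; Path=/", "prefs=en; Path=/"]
AFTER = ["SESSIONCOOKIE=abc123; Path=/; Secure; HttpOnly",
         "prefs=en; Path=/; secure"]

if __name__ == "__main__":
    for label, url, headers in (
        ("before", "http://sdm.example.test/", BEFORE),
        ("after", "https://sdm.example.test/", AFTER),
    ):
        findings = audit_cookies(url, headers)
        print(label, "->", findings or "OK: all cookies are Secure")
```

Feed it the Set-Cookie values copied from the browser's developer tools or a proxy capture of the login response.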