A man-in-the-middle attack is when an attacker secretly relays communications between two parties who believe they are directly communicating with each other. The attacker impersonates both sides of the conversation to gain access to sensitive information or funds. This is done by intercepting public keys during communication and using credentials to trick each end of the conversation into thinking they are speaking directly to each other.