An active attack is an attack on the authentication protocol where the Attacker transmits data to theClaimant, Credential Service Provider, Verifier, or Relaying Party. Examples of active attacks include man-in-the middle, impersonation, and session hijacking.
An active attack is an actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
Relevant Term: Passive Attack
Sources: IETF RFC 4949, NIST SP 800-63 Rev 2
If you would like more information on active and passive attacks, watch this short video:
