
A Passive Attack is an actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
Related Term: Active Attack
Source: IETF RFC 4949, NIST SP 800-63 Rev 1