Good To Know: WPAD Man-In-The-Middle

I recently found myself reading about an older man-in-the-middle attack:

WPAD Man In The Middle Attacks

Web Proxy Auto-Discovery Protocol (WPAD)

Used to intercept web traffic by using a non-authorized server as a proxy server. This can lead to various attacks as simple as capturing clear text passwords on an internal network.

References:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0858

http://www.netresec.com/?page=Blog&month=2012-07&post=WPAD-Man-in-the-Middle

https://www.trustedsec.com/july-2013/wpad-man-in-the-middle-clear-text-passwords/