[nitrogen]

The attacker operates the http login page as a MITM. If they can mangle http traffic, they can run a full MITM.