In which type of attack is the attacker impersonating a legitimate user?

The scenario described involves an attacker impersonating a legitimate user, which is a defining characteristic of a man-in-the-middle attack. In this type of attack, the attacker intercepts communications between two parties, often making it appear as if they are part of the legitimate interaction. The attacker can then forge responses and manipulate data without detection. This impersonation can allow the attacker to gain sensitive information and even control over the conversation or transaction, creating a highly deceptive environment.

In contrast, other options focus on different methods of attack. SQL injection involves manipulating a web application's database query process to manipulate and gain unauthorized access to data. Phishing is primarily characterized by tricking users into revealing personal information through deceptive emails or messages, rather than directly impersonating them. Credential stuffing uses stolen credentials to gain unauthorized access to accounts but does so based on the compromised accounts rather than impersonation during an active communication.

Thus, the intent and method of a man-in-the-middle attack directly align with the concept of impersonation, making it the correct choice for this question.