0

Most internet communication is now end-to-end encrypted using TLS. In the TLS process, the TLS server sends a PKI certificate to the user, which then gets authenticated using the CA's root certificate that it has (I believe it's stored in the browser).

Compromising the certificate store on the user's machine and installing a fake CA certificate means you can intercept traffic. But how is this possible? In normal operation, I assume, the CA's public key is used to verify that the CA's private key was used to issue the TLS server's certificate. The fake CA certificate would have a false key pair, so how does the authentication proceed?

I feel like there is a big gap in my understanding of this. I would appreciate corrections and insights.

schroeder
lll
The answer below by @Crypt32 is correct (+1). However, if an attacker has gained enough access to the user's machine to compromise the certificate store on the machine, then the user has much bigger problems. See https://security.stackexchange.com/questions/266509/how-do-we-know-that-our-ssl-certificates-are-to-be-trusted/266523#266523 for more info. – mti2935 Jan 18 '23 at 17:26

1 Answer

2

A MitM will create a certificate whose signature will be successfully validated against the certificate of the fake CA in your trust store.

For example, if someone managed to install a fake (fraudulent) CA certificate (to which they have the private key) into your trust store, they could use that CA cert's private key to issue a fraudulent certificate for security.stackexchange.com. If they then had a MitM position, they could intercept your request for security.SE and supply their fraudulent certificate. Your browser would accept it as valid for the StackExchange web site, while in reality everything you send and receive goes through the attacker (who fully controls the traffic both ways and could even be serving you a totally fake site). Everything would look fine from your end because the certificate is trusted by your browser, and it is trusted because you trust the attacker's fake CA, which is the issuer of the site's (fraudulent) certificate.

CBHacking
Crypt32