During the man-in-the-middle attack, the hidden intruder joins the communication and intercepts all messages.
The attacker creates two secret keys and using the first of them starts the communication with the first side. The answer (which he can decrypt because he knows the key, which he's invented) is encrypted using the second key and sent to the second side. Then the answer from the second side is read and sent to the first side. In this way, the whole communication passes through the attacker. He can receive a lot of information about the whole system and even successfully impersonate authorized persons and reach an access for hidden data.
For defend against this attack the strong mutual authentication method must be used before starting transmission of secret data. The other way to protect is using known public keys, which can be reach from for example known databases, instead of using a key received from the other side (so in this case - from the attacker).
This attack is frequently used for eavesdropping the communication with Wi-Fi access points or with base stations in GSM networks.