Im guessing a downgrade attack where a mitm convinces the client to use plaon http so they can read the plain text credential.