|
| ▲ | Retr0id 3 hours ago | parent | next [-] |
| I don't expect an unbounded scope but I do expect it to cover the big scary headline items like RCE. Additionally, this can be exploited without MitM if you combine with e.g. a DNS cache poisoning attack. And they can still fix it even if they're not willing to pay a bounty. |
| |
| ▲ | tptacek 3 hours ago | parent [-] | | DNS poisoning is a MITM vector; in fact, it's the most popular MITM vector. | | |
| ▲ | webstrand 2 hours ago | parent [-] | | Really? I thought MitM was always intercepting/manipulating traffic from or to the victim. | | |
| ▲ | vishnugupta 2 hours ago | parent [-] | | What you wrote is the definition of MITM. Op and others are saying DNS poisoning is a popular way of achieving that goal. | | |
| ▲ | webstrand 2 hours ago | parent [-] | | Oh you mean that it's a popular way of initiating the interception part of MitM, got it. |
|
|
|
|
|
| ▲ | JJJollyjim 3 hours ago | parent | prev | next [-] |
| This is the place they direct researchers to report bugs. If they don’t want to pay out for MITM, that’s fine, but they should still be taking out-of-scope reports seriously |
| |
| ▲ | bravetraveler 3 hours ago | parent [-] | | +1 Bounty aside, this deserves attention. I wouldn't want to award bounties for MitM either if I made it so easy. They closed the issue as 'out of scope'... with no mention of follow-up (or even the bounty we don't care about). I'm skeptical to say the least. Industry standard has been to ignore MitM or certificates/signatures, not everything. |
|
|
| ▲ | LoganDark 2 hours ago | parent | prev [-] |
| A bug bounty should motivate exploitable bugs to be reported so that they can be fixed. IMO, if it refuses to accept certain kinds of bugs that can still be exploited, it's not working properly. |
| |
| ▲ | tptacek 2 hours ago | parent [-] | | A bug bounty directs internal engineering efforts. It can't eradicate bugs; that's not how bugs work. | | |
|
