Retr0id 3 hours ago

I don't expect an unbounded scope but I do expect it to cover the big scary headline items like RCE. Additionally, this can be exploited without MitM if you combine with e.g. a DNS cache poisoning attack. And they can still fix it even if they're not willing to pay a bounty.

tptacek 3 hours ago

DNS poisoning is a MITM vector; in fact, it's the most popular MITM vector.

webstrand 2 hours ago

Really? I thought MitM was always intercepting/manipulating traffic from or to the victim.

vishnugupta 2 hours ago

What you wrote is the definition of MITM.

OP and others are saying DNS poisoning is a popular way of achieving that goal.

webstrand 2 hours ago

Oh you mean that it's a popular way of initiating the interception part of MitM, got it.