MITM where attacker needs to install their own CA certs on the victim's device -- sure, out of scope.
replyMITM because you used http instead of https and you don't have any other verified cryptographic signature on your data -- get tae fuck, fix it pronto.
I'd even count this as "having local access to the device", as that is what is needed to install such a cert
replyI think it's fair to say that requiring local administrative access to the device is out of scope, since you have already completely pwned the device in that case, which is what what you need to install a CA cert on any OSes.
replyWhy would anyone ever exclude true mitm?
replyVarious domain registrars have been compromised over and over again (often by children!), resulting in companies like Tesla and Cloudflare getting owned.
The reality is that any vaguely competent attacker can compromise a court clerk and just compel e.g. the .com registry to hand over whatever domain they want.
Although I suppose the aforementioned problem has significant implications beyond dns…
>Why would anyone ever exclude true mitm?
replySame reason security programs exclude social engineering, even though that's a pretty common way for companies to get pwned.
Excluding SE is to make sure people do not spam customer support and launch annoying phishing campaigns. None of that is applicable for local software running on your own computer.
replyOut of scope in this case means "we don't wanna pay you"
replyApparently it also means "We don't want to pay our engineers to fix this".
replyOut of scope does not necessarily mean out of impact. It is merely a question of how far a company wants to be responsible for the environment their software is run in. Most of the time that answer is "not much."
replyBut I use a Wi-Fi password, so my phone says it's secure!
reply