A question for triagers / programs
Hi, guys.
I've found a vulnerability in certificate validation in a desktop app.
For simplicity, let's say it checks only the company name in the certificate, without actually validating the signature.
So I can (as an attacker) intercept traffic. Chained with another vuln, it can simply lead to client-side RCE.
The program states "Any MITM attacks" in its out-of-scope section.
Actually, I understand it'll take a large amount of time for me (about 10-15 hours) to successfully report this vulnerability (it is somewhat difficult for me to create a correct PoC, and so on).
The program itself looks a bit suspicious in terms of findings, constantly adding things like "domain.com is out of scope" and "SQLi on domain2.com is out of scope" to its updates.
So, if I could be totally sure it's worth it, I'd make a report, but in this case it looks useless to me.
So, the question is, how are vulnerabilities with certificate validation errors typically triaged?
Is it a 100% finding? Or should I rather find something more trivial/simple to report and see how the program behaves at all?