Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability. To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a man-in-the-middle (MITM) attack. An unauthorized attacker must wait for a user to initiate a connection.