alt Hacker NewsIt's insane the AI has been provided the tooling to send emails to arbitrary addresses like that. Like, getting it to send a 2FA code at a user's request is one thing. But it should only be able to "hit a button" to send a 2FA email to the address attached to the account, all run with hand-written code. It shouldn't have access to the 2FA code itself, or the message subject, or body, or the recipient address, etc.
Why did they give it any of that?!
Replies
Some Jr engineer got tired of handling stupid support requests and automated the job with an agent. That’s how.
Assigning Jr engineers for security support is ridiculous partly because young people don’t understand how critical security is sometimes. And partly because they don’t value privacy as much.
> But it should only be able to "hit a button" to send a 2FA email to the address attached to the account, all run with hand-written code.
Genuine question...why would that need to be hand-written?
It makes absolute sense as a general statement and is kinda crazy that this wasn't a built-in limitation, but I'm not quite sure why the code for that bit must be hand-written (provided the code functionally does what you describe).
This exploit is my new gold standard for trivially avoidable security failures. Someone has finally beaten Gitlab's password reset emails to attacker-provided addresses.
The harness is vibe-coded.
This exploit has essentially nothing to do with AI and everything to do with a terribly designed account recovery flow.
This exact same flow could have been (and may have been; I don’t know how much the chatbot here actually does) statically coded.