Hey I ran this request through my AI harness (beigeboxoss.com), first with a smaller local model and then validated with Trinity Large via OR. https://github.com/agberohq/keeper/issues/2 -- YMMV but wanted something to do with my coffee, thanks!
> The VerifyHMAC() function unconditionally returns true when the HMAC field is empty
This kind of thing is super common in vibecoded crypto, I wonder why it keeps happening.
The first bug has been confirmed; however, the second `vulnerability` would only be exploitable if an attacker could also break SHA-256 preimage resistance to forge valid checksums? Correct me if I am wrong.