Google researchers have identified a zero-day exploit likely developed with AI assistance that bypasses two-factor authentication in a popular open-source web-based system administration tool. The attack leverages a semantic logic error where a hardcoded trust assumption contradicted the application's authentication enforcement, allowing attackers to bypass 2FA after obtaining valid user credentials. The article does not provide a CVE, CVSS score, specific affected versions, a fixed version, or a workaround.
Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials. The flaw stemmed from a semantic logic error, a case where a developer hardcoded a trust assumption that contradicted the application’s authentication enforcement. Google Threat Intelligence Group (GTIG) worked with the impacted vendor to disclose the … More → The post Google researchers uncover criminal zero-day exploit likely built with AI appeared first on Help Net Security .