←back to thread

Critical vulnerability in AI coding platform Base44 allowing unauthorized access

(www.wiz.io)
122 points waldopat | 7 comments | 30 Jul 25 16:12 UTC | HN request time: 0.411s | source | bottom
Show context
zamalek ◴[30 Jul 25 17:09 UTC] No.44736778[source]
Hot on the wheels on the vibe-coded Tea breach. Things are looking great for vibe coding.

Don't get me wrong, I have been been more hands off (though not completely, and very prescriptive) with an SPA side project and it's going great. Claude makes way better looking UIs than my dog ugly developer UIs. But vibing auth? That should seriously count as _legal_ gross negligence.

replies(5): >>44736996 #>>44737543 #>>44737655 #>>44738035 #>>44738150 #
1. IanCal ◴[30 Jul 25 17:23 UTC] No.44736996[source]
Nothing here says auth was vibe coded. It’s a platform for vibe coding.
replies(3): >>44737432 #>>44737436 #>>44737727 #
2. loupol ◴[30 Jul 25 17:57 UTC] No.44737432[source]
There's also nothing saying they are not dog fooding at least a little bit.
replies(2): >>44739344 #>>44743278 #
3. JohnMakin ◴[30 Jul 25 17:57 UTC] No.44737436[source]
You don’t think they dog food their own app dev? Interesting
replies(1): >>44741400 #
4. zamalek ◴[30 Jul 25 18:19 UTC] No.44737727[source]
From the founder himself: https://www.lennysnewsletter.com/p/the-base44-bootstrapped-s...
5. bee_rider ◴[30 Jul 25 20:49 UTC] No.44739344[source]
I wonder to what extent the vibe coding folks are dogfooding. Their platforms seem too basically work in the sense that they spit out some kind of code, so I guess there must not be too much dogfooding going on.
6. zahlman ◴[31 Jul 25 01:15 UTC] No.44741400[source]
Dogfooding doesn't normally produce artifacts that end up in production, surely?
7. IanCal ◴[31 Jul 25 07:26 UTC] No.44743278[source]
There’s nothing saying they didn’t do this deliberately, but it’d still be an unsubstantiated accusation to say that’s why there was a problem with auth.