<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>Attacking Password Resets with Host Header Injection</title>
        <link>https://stream.echo6.co/videos/watch/eb49ae80-8d8a-4fdb-a527-ee81c1f03d98</link>
        <description>00:00 - Introduction 00:55 - Using Extension to show a legitimate password reset 01:50 - Modifying the Host header and showing that the website uses it to build the link in the sent email 02:40 - Talking about mail filters auto-clicking links, which means user interaction isn't always required 03:30 - Sending a password reset to one of my personal emails, to show that a mail filter auto-clicks the link 04:40 - Got our click! Checking the IP address to show it was a bot 06:00 - Showing how easily this vulnerability can occur by having OpenAI build us code! 07:45 - Verifying the code was indeed vulnerable 08:45 - Asking the AI for ways to protect against this type of attack; the best way is to put a whitelist on the valid domains used to generate password reset links 10:37 - Talking about the other ways to protect against this attack</description>
        <lastBuildDate>Mon, 13 Apr 2026 16:45:47 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>Attacking Password Resets with Host Header Injection</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/eb49ae80-8d8a-4fdb-a527-ee81c1f03d98</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=eb49ae80-8d8a-4fdb-a527-ee81c1f03d98" rel="self" type="application/rss+xml"/>
    </channel>
</rss>