
Severe DDoS Vulnerability Discovered in ChatGPT API


According to a cybersecurity researcher, OpenAI's ChatGPT application programming interface (API) contains a critical vulnerability that could be abused to launch a distributed denial of service (DDoS) attack against arbitrary websites. The researcher showed that a single API request can make the ChatGPT crawler issue thousands of network requests to a target site. He rated the issue high severity; at the time of writing it remains unaddressed, and OpenAI has given no timeline for a fix.

Gateway for Multiple Parallel Network Requests Detected in ChatGPT API

In a recent GitHub post, Benjamin Flesch, a security researcher based in Germany, described the vulnerability in the ChatGPT API and published proof-of-concept code that makes the crawler send 50 parallel HTTP requests to a test website from one API call, illustrating how a DDoS attack could be initiated.

Flesch explained that the issue lies in how the endpoint https://chatgpt.com/backend-api/attributions handles HTTP POST requests. POST is the method used to send data to a server and is typically used by an API endpoint to create a new resource; here the endpoint expects the request to carry a list of hyperlinks in a URL parameter.

The flaw Flesch identified is that OpenAI does not check whether the same resource appears more than once in that list, so the crawler opens a separate parallel connection for every entry. Because the same resource can be written as many different hyperlinks, an attacker has no shortage of variants to fill the list with. Flesch also noted that OpenAI imposes no limit on the number of hyperlinks a single request may contain.

Together these two omissions let a malicious individual direct thousands of requests at a target website from a single API call, potentially exhausting the server's capacity. Flesch rated the vulnerability 8.6 on the Common Vulnerability Scoring System (CVSS): the attack is network-based, easy to exploit, requires no privileges or user interaction, and has a high impact on the target's availability. Those metrics, with scope changed because the victim is a third party rather than OpenAI's own service, correspond to the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, which scores exactly 8.6.
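The two checks the article says are missing (deduplication of the hyperlink list and a cap on its length) are easy to get wrong if "duplicate" means exact string equality, since the same page can be spelled many ways. The following is an added example, not OpenAI's code and not Flesch's proof of concept: a request planner that reproduces the reported behaviour (`naive_plan`) beside a hardened version (`hardened_plan`) that canonicalises each URL, deduplicates, and caps both the total and the per-host fan-out. The limit values, the `victim.example` host and the sample list are assumptions constructed for the example; nothing here sends network traffic, both planners only return the fetches that would be issued.

```python
"""Hypothetical crawler request planner (example code, not OpenAI's).

naive_plan()    mirrors the reported behaviour: every list entry becomes a fetch.
hardened_plan() canonicalises, deduplicates and caps the list before any fetch.
"""
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MAX_URLS_PER_REQUEST = 20   # assumed policy value, not OpenAI's
MAX_URLS_PER_HOST = 2       # assumed policy value, not OpenAI's
DEFAULT_PORTS = {"http": 80, "https": 443}


def naive_plan(urls):
    """One fetch per entry: neither duplicates nor list length are checked."""
    return list(urls)


def canonical_url(url):
    """Collapse cosmetic variants of one resource into a single spelling.

    Lower-cases scheme and host, drops a trailing dot on the host and a
    default port, sorts query parameters, and discards the fragment (which
    never reaches the server). Returns None for anything that is not an
    absolute http(s) URL, so javascript:, ftp: and relative links are dropped.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    host = parts.hostname.lower().rstrip(".")
    port = parts.port
    netloc = host if port in (None, DEFAULT_PORTS[scheme]) else f"{host}:{port}"
    path = parts.path or "/"
    query = urlencode(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    return urlunsplit((scheme, netloc, path, query, ""))


def hardened_plan(urls):
    """Return the fetches that remain after dedup and the two caps.

    Oversized lists are rejected outright with ValueError rather than
    silently truncated, so the caller learns the limit exists.
    """
    if len(urls) > MAX_URLS_PER_REQUEST:
        raise ValueError(f"at most {MAX_URLS_PER_REQUEST} urls per request")
    seen = set()
    per_host = Counter()
    plan = []
    for url in urls:
        cu = canonical_url(url)
        if cu is None or cu in seen:
            continue
        host = urlsplit(cu).hostname
        if per_host[host] >= MAX_URLS_PER_HOST:
            continue          # same site via a different URL: fan-out capped
        seen.add(cu)
        per_host[host] += 1
        plan.append(cu)
    return plan


def amplification(urls, planner):
    """Count the fetches a planner would issue per distinct target host."""
    return Counter(urlsplit(u).hostname.lower().rstrip(".") for u in planner(urls))


# Constructed sample input: 50 spellings of the same page on one test host.
SAMPLE = (
    ["https://victim.example/page"] * 10
    + ["HTTPS://VICTIM.EXAMPLE/page#%d" % i for i in range(10)]
    + ["https://victim.example:443/page?b=2&a=1"] * 10
    + ["https://victim.example/page?a=1&b=2"] * 10
    + ["https://victim.example./page?x=%d" % i for i in range(10)]
)

if __name__ == "__main__":
    print("naive   :", amplification(SAMPLE, naive_plan))
    print("hardened:", amplification(SAMPLE[:MAX_URLS_PER_REQUEST], hardened_plan))
    try:
        hardened_plan(SAMPLE)
    except ValueError as exc:
        print("hardened rejects the full list:", exc)
```

Run stand-alone, the naive planner turns the 50-entry list into 50 fetches of `victim.example`, while the hardened planner collapses the first 20 entries to a single fetch and refuses the full list. The per-host cap is the check that matters most for third-party victims: deduplication alone still lets an attacker list thousands of genuinely distinct URLs on one host.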

Flesch said that after finding the vulnerability in January he tried repeatedly, through several channels, to report it to both OpenAI and Microsoft, which hosts the ChatGPT API. His outreach included the OpenAI security team, other OpenAI employees, the company's data privacy officer, and Microsoft's security and Azure operations teams.

Despite these efforts, Flesch says the issue remains unresolved and has not been acknowledged by OpenAI. Gadgets 360 staff were unable to independently confirm the vulnerability in the chatbot.
