
ChatGPT API Flaw Poses Major DDoS Threat to Websites


A vulnerability in OpenAI's ChatGPT application programming interface (API) has been identified which, according to a cybersecurity researcher, could be used to mount a distributed denial of service (DDoS) attack on websites. The chatbot's crawler can reportedly be made to send large numbers of network requests to a single target website. The researcher has rated the flaw as high severity, says it remains unpatched, and reports that the company has not communicated any plans for remediation.

ChatGPT API Enables Many Concurrent Network Requests to the Same Website

In a GitHub post published earlier this month, Benjamin Flesch, a security researcher based in Germany, described the weakness in the ChatGPT API. Flesch also published proof-of-concept code that sends 50 parallel HTTP requests to a test website of his choosing, demonstrating how the flaw could be used to mount a DDoS attack.

Flesch said the vulnerability lies in HTTP POST requests to the endpoint https://chatgpt.com/backend-api/attributions. A POST request carries data to the server and is normally used to create a new resource; for this endpoint, the ChatGPT API expects the request to carry a list of hyperlinks in its URL parameter.

According to the researcher, OpenAI does not filter out hyperlinks in that list that point to the same resource, which appears to be a design flaw in the API: links that differ only in how they are written are treated as distinct, so the crawler sends many simultaneous requests to one website. Moreover, Flesch said OpenAI imposes no cap on the number of hyperlinks that can be included in the URL parameter of a single request.
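The two missing checks the report describes, collapsing links that point at the same resource into one fetch and capping how many fetches a single request may trigger, can be illustrated with a small server-side guard. The code below is an added example written for this page, not OpenAI's code and not Flesch's proof of concept; the limits, the sample URLs and the host names are assumptions chosen for illustration.

```python
"""Server-side guard for an API parameter that lists URLs for a crawler to fetch.

Added illustration, not OpenAI's code: it shows the two checks the report says
the attributions endpoint lacked, namely collapsing differently-spelled links to
the same resource into one fetch, and capping how many fetches a single request
may trigger, both overall and per target host. The limits are assumed values.
"""
from collections import Counter
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MAX_URLS_PER_REQUEST = 10  # assumed policy value, not OpenAI's
MAX_URLS_PER_HOST = 2      # assumed policy value, not OpenAI's
DEFAULT_PORTS = {"http": 80, "https": 443}


def canonicalize_url(url: str) -> Optional[str]:
    """Return one canonical spelling of an http(s) URL, or None if it is not fetchable.

    Spellings that differ only in the case of the scheme or host, an explicit
    default port, a missing path, a fragment, or the order of query parameters
    all map to the same string, so plain string equality detects duplicates.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return None
    try:
        host, port = parts.hostname, parts.port  # hostname is already lower-cased
    except ValueError:  # non-numeric port
        return None
    if not host:
        return None
    host = host.rstrip(".")
    netloc = host if port in (None, DEFAULT_PORTS[scheme]) else f"{host}:{port}"
    path = parts.path or "/"
    query = urlencode(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    return urlunsplit((scheme, netloc, path, query, ""))  # fragment dropped


def filter_fetch_list(urls: list[str]) -> dict:
    """Decide which URLs in a request may be fetched and why the rest are dropped.

    Returns {"accepted": [canonical URLs], "rejected": [(original URL, reason)]}.
    An oversized list is refused as a whole rather than truncated, so a client
    cannot probe for the limit by padding the request.
    """
    if len(urls) > MAX_URLS_PER_REQUEST:
        reason = f"more than {MAX_URLS_PER_REQUEST} URLs in one request"
        return {"accepted": [], "rejected": [(u, reason) for u in urls]}

    accepted: list[str] = []
    rejected: list[tuple[str, str]] = []
    seen: set[str] = set()
    per_host: Counter = Counter()
    for raw in urls:
        canon = canonicalize_url(raw)
        if canon is None:
            rejected.append((raw, "unsupported scheme or missing host"))
            continue
        if canon in seen:
            rejected.append((raw, f"duplicate of {canon}"))
            continue
        host = urlsplit(canon).netloc
        if per_host[host] >= MAX_URLS_PER_HOST:
            rejected.append((raw, f"per-host cap of {MAX_URLS_PER_HOST} reached for {host}"))
            continue
        seen.add(canon)
        per_host[host] += 1
        accepted.append(canon)
    return {"accepted": accepted, "rejected": rejected}


# Constructed sample request: four spellings of one front page, two spellings of
# one query URL, a third page on the same host, a non-http link, and a link to
# a different host.
SAMPLE_REQUEST = [
    "https://victim.example/",
    "https://victim.example",
    "HTTPS://Victim.Example:443/",
    "https://victim.example/#top",
    "https://victim.example/?b=2&a=1",
    "https://victim.example/?a=1&b=2",
    "https://victim.example/page",
    "ftp://victim.example/file",
    "https://other.example/x",
]

if __name__ == "__main__":
    result = filter_fetch_list(SAMPLE_REQUEST)
    print("would fetch:", result["accepted"])
    for url, why in result["rejected"]:
        print(f"dropped {url!r}: {why}")
```

The canonicalisation is deliberately conservative (it does not strip a trailing slash or decode percent-escapes), because over-aggressive merging would silently drop genuinely distinct resources. A per-client rate limit on the endpoint itself, which this example does not show, is the other half of the defence: capping links per request only bounds the damage of a single call.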

This means a malicious user could bombard a website with thousands of requests, potentially exhausting the server's capacity. The researcher assigned the vulnerability a CVSS score of 8.6 (high severity), citing its network attack vector, low attack complexity, the absence of any requirement for privileges or user interaction, and the significant impact on the availability of the targeted website.

Flesch said that after discovering the flaw in January he contacted both OpenAI and Microsoft, which hosts the ChatGPT API servers, repeatedly and through several channels: he reported it to the OpenAI security team, reached out to OpenAI employees, informed OpenAI's data privacy officer, and also contacted Microsoft's security team and its Azure network operations team.

Despite these attempts, Flesch said the AI firm has neither acknowledged nor fixed the issue. Staff members from Gadgets 360 were unable to independently confirm the presence of the vulnerability in the chatbot.
