The Vulnerability Explained
The vulnerability, identified by Germany-based security researcher Benjamin Flesch, lies in the handling of HTTP POST requests to the ChatGPT API endpoint:
https://chatgpt.com/backend-api/attributions.
This API endpoint typically processes data sent by users in the form of hyperlinks within the URL parameter. However, Flesch identified two major flaws:
- Lack of Duplicate Hyperlink Filtering: The API does not verify whether a hyperlink appears multiple times in the URL parameter. Since the same resource can be linked in various ways, this flaw allows the system to send multiple requests to a single website unnecessarily.
- No Limitation on Hyperlink List Size: OpenAI does not impose a maximum limit on the number of hyperlinks that can be added to the URL parameter and submitted in a single API request. This means a malicious actor could include thousands of links to a target website, triggering a flood of parallel HTTP requests.

Proof of Concept and Severity
Flesch published a proof-of-concept (PoC) on GitHub earlier this month, demonstrating the exploit. The code showcases how 50 parallel HTTP requests could be sent to a test website, effectively demonstrating how the flaw could overwhelm a target server.
The vulnerability has been assigned a high-severity CVSS rating of 8.6 due to the following factors:
- Network-based: The attack is executed via API requests over the network.
- Low Complexity: The exploit requires minimal technical expertise to implement.
- No Privileges Required: Anyone with access to the API can exploit the vulnerability.
- High Impact on Availability: The flaw can render target websites inaccessible.

Delayed Response from OpenAI and Microsoft
Flesch claims to have reported the vulnerability in January and has since reached out to both OpenAI and Microsoft (which hosts the ChatGPT API on its Azure servers) multiple times. His attempts to notify OpenAI's security team, employees, and data privacy officers, as well as Microsoft's security and Azure network operations teams, have reportedly gone unanswered.
As of now, the vulnerability remains active, with no timeline for a fix. This lack of response raises concerns about the potential misuse of the flaw by malicious actors.

Implications and Recommendations
The discovery of this vulnerability underscores the importance of robust security measures in widely used AI platforms like ChatGPT. A DDoS attack leveraging this flaw could lead to severe disruptions for targeted websites.
Recommendations for OpenAI:
- Implement stricter validation to prevent duplicate or excessive hyperlinks in API requests.
- Enforce a limit on the number of hyperlinks allowed in the URL parameter.
- Deploy rate-limiting measures to mitigate potential abuse.
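
As an added illustration (not OpenAI's code and not part of Flesch's report), the first two recommendations can be sketched as a server-side check that canonicalizes each submitted link, drops duplicates, and refuses oversized or single-host-heavy lists before any outbound fetch is made. The limits `MAX_URLS` and `MAX_PER_HOST`, the function names and the sample links are assumptions chosen for the example; rate limiting per client would sit in front of this check.

```python
from urllib.parse import urlsplit, urlunsplit

MAX_URLS = 10      # assumed cap on links per request
MAX_PER_HOST = 3   # assumed cap on distinct links aimed at one host
DEFAULT_PORTS = {"http": 80, "https": 443}


class RejectedRequest(ValueError):
    """Raised when a submitted link list must be refused outright."""


def canonicalize(url):
    """Collapse equivalent spellings of one link into a single form."""
    try:
        parts = urlsplit(url.strip())
        host, port = (parts.hostname or "").rstrip("."), parts.port
    except ValueError as exc:  # malformed port or IPv6 literal
        raise RejectedRequest(f"malformed URL: {url!r}") from exc
    if parts.scheme not in DEFAULT_PORTS or not host:
        raise RejectedRequest(f"unsupported URL: {url!r}")
    if ":" in host:
        host = f"[{host}]"                       # re-bracket IPv6 literals
    if port not in (None, DEFAULT_PORTS[parts.scheme]):
        host = f"{host}:{port}"                  # keep only non-default ports
    # Empty path and "/" are the same resource; the fragment never reaches the server.
    return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))


def validate_urls(urls):
    """Return the de-duplicated links to fetch, or raise RejectedRequest."""
    if len(urls) > MAX_URLS:
        raise RejectedRequest(f"{len(urls)} links exceeds the limit of {MAX_URLS}")
    accepted, per_host = [], {}
    for raw in urls:
        canon = canonicalize(raw)
        if canon in accepted:
            continue                             # duplicate: fetch it once
        host = urlsplit(canon).netloc
        per_host[host] = per_host.get(host, 0) + 1
        if per_host[host] > MAX_PER_HOST:
            raise RejectedRequest(f"too many links to {host}")
        accepted.append(canon)
    return accepted


# Constructed sample: three spellings of one resource collapse to one fetch.
SAMPLE = ["https://Example.com", "https://example.com/", "HTTPS://example.com:443/#top"]
```

The per-host counter matters because de-duplication alone does not stop a list of many distinct paths that all point at the same site.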

Conclusion
While ChatGPT continues to revolutionize human-computer interaction, this vulnerability highlights the need for vigilance in securing emerging technologies. As the platform grows in popularity, addressing such critical flaws promptly is essential to ensure user trust and the safety of online ecosystems.