ChatGPT API vulnerability could enable large-scale DDoS attacks


A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.

According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.

Read more…
Source: Silicone Angle News


Sign up for our Newsletter


Related:

  • Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+

    June 28, 2021

    Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video displays as well as printers. Windows applications don’t directly access graphics hardware such as device drivers, but they interact with GDI, which in turn then interacts with device drivers. In this way, there is an abstraction ...

  • Nefilim Ransomware Attack Through a MITRE Att&ck Lens

    June 28, 2021

    Nefilim is among a new breed of ransomware families that use advanced techniques for a more targeted and virulent attack. It is operated by a group that we track under the intrusion set “Water Roc”. This group combines advanced techniques with legitimate tools to make them significantly harder to detect and respond before it is ...

  • Cisco ASA vulnerability actively exploited after exploit released

    June 27, 2021

    Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter. This Cisco ASA vulnerability is cross-site scripting (XSS) vulnerability that is tracked as CVE-2020-3580. Cisco first disclosed the vulnerability and issued a fix in October 2020. However, the initial patch for CVE-2020-3580 was incomplete, and a ...

  • Nobelium hackers accessed Microsoft customer support tools

    June 26, 2021

    Microsoft says they have discovered new attacks conducted by the Russian state-sponsored Nobelium hacking group, including a hacked Microsoft support agent’s computer that exposed customer’s subscription information. Nobelium is Microsoft’s name for a state-sponsored hacking group believed to be operating out of Russia responsible for the SolarWinds supply-chain attacks. In a new blog post published Friday night, ...

  • Sophisticated hackers are targeting these Zyxel firewalls and VPNs

    June 25, 2021

    Zyxel, a manufacturer of enterprise routers and VPN devices, has issued an alert that attackers are targeting its devices and changing configurations to gain remote access to a network. In a new support note, the company said that a “sophisticated threat actor” was targeting Zyxel security appliances with remote management or SSL VPN enabled. Read more… Source: ZDNet  

  • 30M Dell Devices at Risk for Remote BIOS Attacks, RCE

    June 24, 2021

    A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to an analysis from Eclypsium, the bugs affect 129 models of laptops, tablet and desktops, including enterprise and consumer devices, that ...