ChatGPT API vulnerability could enable large-scale DDoS attacks


A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.

According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.

Read more…
Source: Silicone Angle News


Sign up for our Newsletter


Related:

  • ‘We won’t pay ransom,’ says Ireland after attack on health service

    May 17, 2021

    Ireland’s Health Service Executive (HSE) has ruled out giving in to hackers’ demands as the country’s healthcare and social services continue to deal with the disruption caused by a significant ransomware attack that occurred a few days ago. The HSE has now confirmed that a ransom has been sought by the attackers, although the exact amount ...

  • Bizarro banking Trojan expands its attacks to Europe

    May 17, 2021

    Bizarro is yet another banking Trojan family originating from Brazil that is now found in other regions of the world. We have seen users being targeted in Spain, Portugal, France and Italy. Attempts have now been made to steal credentials from customers of 70 banks from different European and South American countries. Following in the ...

  • Insurer AXA hit by ransomware after dropping support for ransom payments

    May 16, 2021

    Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. As seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA’s Asian operations. Read more… Source: Bleeping Computer  

  • Russian-language cybercriminal forum ‘XSS’ bans DarkSide and other ransomware groups

    May 14, 2021

    Cybersecurity researchers with Flashpoint, Digital Shadows’ Photon Research Team and other firms have confirmed that XSS, a popular cybercriminal forum, has outright banned ransomware sales, ransomware rental, and ransomware affiliate programs on their platform, according to a announcement released in Russian. The move comes after global scrutiny of ransomware groups increased following a damaging attack on ...

  • DarkSide ransomware servers reportedly seized, operation shuts down

    May 14, 2021

    The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. This news was shared by a threat actor known as ‘UNKN’, the public-facing representative of the rival REvil ransomware gang, in a forum post first discovered by Recorded Future researcher Dmitry ...

  • Rapid7 source code, alert data accessed in Codecov supply chain attack

    May 14, 2021

    Rapid7 has disclosed the compromise of customer data and partial source code due to the Codecov supply chain attack. On Thursday, the cybersecurity firm said it was one of the victims of the incident, in which an attacker obtained access to the Codecov Bash uploader script. The cyberattack against Codecov took place on or around January 31, ...