ChatGPT API vulnerability could enable large-scale DDoS attacks


A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.

According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.

Read more…
Source: Silicone Angle News


Sign up for our Newsletter


Related:

  • Povlsomware PoC Ransomware Features Cobalt Strike Compatibility

    March 1, 2021

    Povlsomware (Ransom.MSIL.POVLSOM.THBAOBA) is a proof-of-concept (POC) ransomware first released in November 2020 which, according to their Github page, is used to “securely” test the ransomware protection capabilities of security vendor products. Povlsomware has not garnered much attention at the moment, being talked about in only a few sites — however, it has some interesting characteristics, ...

  • World’s leading dairy group Lactalis hit by cyberattack

    March 1, 2021

    Lactalis, the world’s leading dairy group, has disclosed a cyberattack after unknown threat actors have breached some of the company’s systems. Lactalis (short for Lactalis Group) has 85,000 employees in 51 countries, and it exports dairy products to over 100 countries around the world. The dairy group controls multiple leading international brands, including Président, Galbani, Lactel, Santal, ...

  • Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall

    March 1, 2021

    Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges. Genua says it offers more than 20 security solutions for encrypting data communication ...

  • Hackers use black hat SEO to push ransomware, trojans via Google

    March 1, 2021

    The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. Apart from increasing the number of payloads, Gootloader has been seen distributing them across ...

  • Bad bots are on the attack, and your defence plan is probably wrong

    March 1, 2021

    Google is warning that bots are causing more problems for business — but many companies are only focused on the most obvious attacks. At the outset of the COVID-19 pandemic Microsoft chief Satya Nadella said Microsoft had seen “two years’ worth of digital transformation in two months.” Google now sees that attackers have adapted to these ...

  • Universal Health Services lost $67 million due to Ryuk ransomware attack

    March 1, 2021

    Universal Health Services (UHS) said that the Ryuk ransomware attack it suffered during September 2020 had an estimated impact of $67 million. UHS, a Fortune 500 hospital and healthcare services provider, has over 90,000 employees who provide services to roughly 3.5 million patients each year in more than 400 US and UK healthcare facilities. UHS said last ...