ChatGPT API vulnerability could enable large-scale DDoS attacks


A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.

According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.

Read more…
Source: Silicone Angle News


Sign up for our Newsletter


Related:

  • Npower withdraws mobile app after hackers steal personal details

    February 27, 2021

    Npower has permanently withdrawn its mobile app after hackers used it to access its customers’ personal details, including the sort codes and the last four digits of their bank accounts. The hack, which cybersecurity experts said left the firm’s customers “wide open to fraud”, is understood to have taken place around the start of February. The company ...

  • Go malware is now common, having been adopted by both APTs and e-crime groups

    February 26, 2021

    The number of malware strains coded in the Go programming language has seen a sharp increase of around 2,000% over the last few years, since 2017, cybersecurity firm Intezer said in a report published this week. The company’s findings highlight and confirm a general trend in the malware ecosystem, where malware authors have slowly moved away ...

  • Oxford University lab with COVID-19 research links targeted by hackers

    February 26, 2021

    An Oxford University lab conducting research into the coronavirus pandemic has been compromised by cyberattackers. Oxford University, one of the most prominent educational institutions in the UK, was made aware of the security breach on Thursday. The university confirmed that a security incident took place at the Division of Structural Biology lab, also known as “Strubi,” after ...

  • Dutch Research Council (NWO) confirms ransomware attack, data leak

    February 26, 2021

    The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang. The hackers gained access to NWO’s network on February 8 and stole internal documents, threatening with leaking them unless the organization paid a ransom. Since NWO does not cooperate with ...

  • Lazarus targets defense industry with ThreatNeedle

    February 25, 2021

    We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. After taking a closer look, we identified the malware ...

  • Cisco Warns of Critical Auth-Bypass Security Flaw

    February 25, 2021

    A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. The vulnerability is one of three critical flaws fixed by Cisco on this week. It exists in Cisco’s ACI Multi-Site Orchestrator (ACI MSO) — this is Cisco’s management software for businesses, which allows them to monitor the health ...