ChatGPT API vulnerability could enable large-scale DDoS attacks


A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.

According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.

Read more…
Source: Silicone Angle News


Sign up for our Newsletter


Related:

  • Florida: Hacker Changed Chemical Levels at Oldsmar’s Water Treatment Plant

    February 8, 2021

    Pinellas County Sheriff Bob Gualtieri said at a news conference Monday there were two intrusions, hours apart. The first one happened at 8 a.m., when a plant operator noticed someone remotely accessing the system he was monitoring, which controls chemicals and other plant operations. But he didn’t think much of it, according to the sheriff, because ...

  • Billions of Passwords Offered for $2 in Cyber-Underground

    February 8, 2021

    A “compilation of many breaches” – COMB for short – has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords. The trove is an aggregate database that brings together older stolen data from breaches past – including credentials from Netflix, LinkedIn, ...

  • Fortinet fixes critical vulnerabilities in SSL VPN and web firewall

    February 7, 2021

    Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. Multiple advisories published by FortiGuard Labs this month and in January 2021 mention various critical vulnerabilities that Fortinet has ...

  • Signal ignores proxy censorship vulnerability, bans researchers

    February 7, 2021

    Signal, an end-to-end encrypted messaging platform was recently blocked by the Iranian government. To help its users bypass censorship in Iran, the company suggested a TLS proxy workaround. However, multiple researchers have now discovered flaws in the workaround that can let a censor or government authority probe into Signal TLS proxies, rendering these protections moot and potentially ...

  • Eletrobras, Copel energy companies hit by ransomware attacks

    February 5, 2021

    Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week. State-controlled, both are key players in the country. Copel being the largest in the state of Paraná while Eletrobras is the largest power utility company in Latin America ...

  • Cisco warns of critical remote code execution flaws in its small business VPN routers

    February 5, 2021

    Cisco is warning customers using its small business routers to upgrade the firmware to fix flaws that could give remote attackers root level access to the devices. The critical flaws affect the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers. These were the models Cisco recommended customers using unsupported small business routers to ...