ChatGPT API vulnerability could enable large-scale DDoS attacks


A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.

According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.

Read more…
Source: Silicone Angle News


Sign up for our Newsletter


Related:

  • Hack Breaks PDF Encryption, Opens Content to Attackers

    October 2, 2019

    Researchers in Germany have invented a new hack that can allow someone to break the encryption of PDF files and access their content  — or even forge signed PDF files under certain circumstances. A team from Ruhr University Bochum, FH Münster University of Applied Sciences and Hackmanit GmbH developed the attack, called PDFex, that can allow an attacker to view the ...

  • HQWar: the higher it flies, the harder it drops

    October 2, 2019

    Mobile dropper Trojans are one of today’s most rapidly growing classes of malware. In Q1 2019, droppers are in the 2nd or 3rd position in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers’ main task is to deliver payload while sidestepping the ...

  • Securing the Industrial Internet of Things: Addressing IIoT Risks in Healthcare

    October 2, 2019

    The constant quest for prolonging and preserving human life has continually driven technologies to develop groundbreaking innovations in the delivery of healthcare services and state-of-the-art treatments. Like in many other enterprises, the industrial internet of things (IIoT) has rapidly transformed the network and data infrastructure in health and medicine. With the IIoT, medical data and information have ...

  • New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign

    October 1, 2019

    Trend Micro found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently updated. KovCoreG, active since 2011, is a long-running campaign ...

  • New SIM card attack disclosed, similar to Simjacker

    September 27, 2019

    A team of security researchers has detailed a second SMS-based attack that can allow malicious actors to track users’ devices by abusing little-known apps that are running on SIM cards. This new attack, named WIBattack, is identical to Simjacker, an attack disclosed at the start of the month by mobile security firm AdaptiveMobile. Both attacks work in the ...

  • Thousands of PCs Affected by Nodersok/Divergent Malware

    September 27, 2019

    New malware identified by Microsoft and Cisco Talos has affected thousands of PCs in the United States and Europe and turns systems into proxies for performing malicious activity, the companies said. The fileless threat—called Nodersok by Microsoft and Divergent by Cisco Talos—has many of its own components but also takes advantage of existing tools to do ...