ChatGPT API vulnerability could enable large-scale DDoS attacks


A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub.

According to Flesch, the flaw lies in the API’s handling of HTTP POST requests to the /backend-api/attributions endpoint. The endpoint allows a list of hyperlinks to be provided through the “urls” parameter. The problem arises from an absence of limits on the number of hyperlinks that can be included in a single request, so attackers can easily flood requests with urls via the API.

Read more…
Source: Silicone Angle News


Sign up for our Newsletter


Related:

  • Zebrocy’s Multilanguage Malware Salad

    June 3, 2019

    Zebrocy is Russian speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy Zebrocy is an active sub-group of victim profiling and access specialists Zebrocy maintains a lineage back through 2013, sharing malware artefacts and similarities with BlackEnergy The past five years of Zebrocy infrastructure, malware set, ...

  • Turla turns PowerShell into a weapon in attacks against EU diplomats

    May 30, 2019

    A cyberespionage group believed to be from Russia is once again striking political targets, and this time, PowerShell scripts have been weaponized to increase the power of their attacks. Turla, also known as Snake or Uroburos, has been active since at least 2008. The advanced persistent threat (APT) group was previously linked to a backdoor implanted in ...

  • New HiddenWasp malware found targeting Linux systems

    May 29, 2019

    Security researchers have found a new strain of Linux malware that appears to have been created by Chinese hackers and has been used as a means to remotely control infected systems. Named HiddenWasp, this malware is composed of a user-mode rootkit, a trojan, and an initial deployment script. The malware has a similar structure to another recently-discovered ...

  • Gatekeeper Bug in MacOS Mojave Allows Malware to Execute

    May 28, 2019

    Researcher discloses vulnerability in macOS Gatekeeper security feature that allows the execution of malicious code on current version of the OS. Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave (10.14.0). MacOS Gatekeeper is an Apple security feature that enforces ...

  • One Million Devices Open to Wormable Microsoft BlueKeep Flaw

    May 28, 2019

    Researchers have discovered one million devices that are vulnerable to a “wormable” Microsoft flaw, which could open the door to a WannaCry-like cyberattack. One million devices are still vulnerable to BlueKeep, a critical Microsoft bug with “wormable” capabilities, almost two weeks after a patch was released. The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this ...

  • Intense scanning activity detected for BlueKeep RDP flaw

    May 26, 2019

    Threat actors have started scanning the internet for Windows systems that are vulnerable to the BlueKeep (CVE-2019-0708) vulnerability. This vulnerability impacts the Remote Desktop Protocol (RDP) service included in older versions of the Windows OS, such as XP, 7, Server 2003, and Server 2008. Microsoft released fixes for this vulnerability on May 14, as part of the ...