Vulnerability in ChatGPT API potentially leads to DDoS attacks
Briefly

A recent discovery by German security researcher Benjamin Flesch reveals a critical vulnerability in the ChatGPT API that enables potential DDoS attacks on websites. The vulnerability lies in the /attributions endpoint, which places no restriction on the number of hyperlinks included in a POST request. Cybercriminals can exploit this by submitting requests containing thousands of URLs, overwhelming the requested websites and causing significant damage through infrastructure overload. OpenAI's lack of duplicate checking compounds the risk, prompting calls for immediate remedial measures to secure the API properly.
The ChatGPT API has a serious vulnerability that allows cybercriminals to execute DDoS attacks on websites by exploiting the handling of HTTP POST requests.
This vulnerability results from the absence of restrictions on the number of hyperlinks in an API request, making it a powerful attack vector.
By submitting requests filled with thousands of hyperlinks, it is possible for hackers to overwhelm targeted websites and compromise their infrastructure.
Strong measures need to be taken by OpenAI, including limiting the number of URLs per request and preventing duplicates, to mitigate this vulnerability.
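A sketch of the two mitigations named above, as an added example and not OpenAI's code: a server-side filter that caps the number of URLs per request and drops duplicates after canonicalization, so trivial variants of one link count once. The limits, the function names and the extra per-host cap (which goes beyond what the article names) are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

MAX_URLS = 10       # assumed per-request cap, not a value from the article
MAX_PER_HOST = 2    # assumed per-host cap, an addition beyond the article
DEFAULT_PORTS = {"http": 80, "https": 443}


def canonicalize(url):
    """Reduce a URL to one canonical form so trivial variants compare equal."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported URL: {url!r}")
    host = parts.hostname.lower().rstrip(".")
    if ":" in host:                      # IPv6 literal needs its brackets back
        host = f"[{host}]"
    port = parts.port                    # raises ValueError on a malformed port
    netloc = host if port in (None, DEFAULT_PORTS[scheme]) else f"{host}:{port}"
    # The fragment is never sent to the server, so it cannot make two
    # fetches distinct; userinfo is dropped for the same reason.
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))


def filter_urls(urls):
    """Return the URLs that may be fetched, or raise if the request is oversized."""
    if len(urls) > MAX_URLS:
        # Reject before any parsing or outbound traffic happens.
        raise ValueError(f"too many URLs: {len(urls)} > {MAX_URLS}")
    seen, per_host, accepted = set(), {}, []
    for raw in urls:
        canon = canonicalize(raw)
        if canon in seen:                # duplicate of an earlier entry
            continue
        seen.add(canon)
        host = urlsplit(canon).hostname
        if per_host.get(host, 0) >= MAX_PER_HOST:
            continue                     # distinct paths, same target site
        per_host[host] = per_host.get(host, 0) + 1
        accepted.append(canon)
    return accepted
```
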
Read at Techzine Global