Safety researcher, Nagali discovered a vital account takeover vulnerability within the OpenAI ChatGPT utility that allowed an attacker to take over somebody’s account, get admission to their chat historical past, and examine their billing data with out their wisdom.
The problem was once reported through a safety researcher who explored the authentication go with the flow in ChatGPT’s requests and found out an anomaly within the GET request. The request fetched the account context, together with e-mail, identify, symbol, and accessToken from the server, permitting the researcher to milk “Internet Cache Deception.”
https://chat.openai.com/api/auth/consultation https://chat.openai.com/api/auth/consultation/take a look at.css
The researcher defined that to milk the vulnerability, they needed to drive the Load Balancer to cache the request on a particular trail, and if a success, they might learn the sufferer’s delicate information from the cached reaction.
It was once imaginable to takeover somebody’s account, view their chat historical past, and get admission to their billing data with out them ever figuring out it.
Breakdown under 👇 %.twitter.com/W4kXMNy6qI
— Nagli (@naglinagli) March 24, 2023
What’s Internet Cache Deception and How Does it Paintings?
“Internet Cache Deception” is a vulnerability that permits an attacker to control internet cache servers to retailer delicate data in a cached reaction. By means of crafting a particular request with a changed record extension, an attacker can trick the cache server into storing delicate information, which will then be accessed later.
The vulnerability works as a result of many internet cache servers are configured to cache responses in keeping with the record extension of the asked useful resource. For instance, a cache server would possibly cache all sources with the “.css” record extension to make stronger efficiency. Then again, if an attacker can trick the server into caching a reaction that accommodates delicate data, they are able to then retrieve that data later through having access to the cached reaction.
OpenAI’s reaction to this vulnerability was once to manually instruct the caching server to not cache the endpoint via a regex.
This vulnerability has since been mounted, and OpenAI’s workforce praised the researcher for his or her accountable disclosure.
|ChatGPT Reaction to Researcher