OpenAI Fixed Account Takeover Bug in ChatGPT

It was possible to take over someone's account, view their chat history, and access their billing information without them ever realizing it.

Security researcher Nagali found a critical account takeover vulnerability in the OpenAI ChatGPT web application that allowed an attacker to take over someone's account, read their chat history, and view their billing information without the victim's knowledge.

The researcher explored the authentication flow in ChatGPT's requests and noticed an anomaly in one GET request: it fetched the account context, including the user's email, name, profile image, and accessToken, from the server. Because the caching layer could be made to store that response, the researcher was able to exploit it through "Web Cache Deception."

Endpoints
https://chat.openai.com/api/auth/session
https://chat.openai.com/api/auth/session/test.css

The researcher explained that to exploit the vulnerability, they had to get the load balancer to cache the response for a specific path (the session endpoint with a static-looking suffix such as test.css appended). If that succeeded, they could read the victim's sensitive data from the cached response.

What is Web Cache Deception and How Does it Work?

"Web Cache Deception" is an attack in which an attacker tricks a caching layer (a CDN, load balancer, or reverse proxy) into storing a response that contains another user's sensitive data, and then retrieves that stored copy. The attacker crafts a URL for a dynamic, authenticated endpoint with a static-looking suffix or file extension appended, lures a logged-in victim into requesting it, and then requests the same URL themselves to be served the victim's cached response.

The attack works because many caches decide what to store based on the file extension in the requested path rather than on the origin's response headers. A cache might store every resource ending in ".css" to improve performance, while the origin ignores the extra path segment and still returns the dynamic response. When a logged-in victim requests /api/auth/session/test.css, the origin returns the victim's session data, the cache stores it under that path, and anyone who requests the same path afterwards, with no credentials at all, receives the stored copy.

OpenAI's fix was to manually instruct the caching server, via a regex matching the endpoint, not to cache it. A cache-side rule on its own has to be kept in sync with the application's routing; the usual defence in depth is for the origin to send Cache-Control: no-store on responses like this and to return an error for path suffixes it does not actually serve, so that a stale or overly narrow regex cannot reopen the hole.
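The following is an added example, not code from the original article or from OpenAI, that models the mechanism described above and both fixes. The origin, the cache rules, the cookie name, the session data and the placeholder token are all constructed assumptions; the only things taken from the article are the endpoint path and the test.css suffix. It runs the attack three times: against an extension-keyed cache, against the same cache with a no-cache regex on the endpoint (the article's fix), and against an origin that rejects the suffix and sends Cache-Control: no-store.

```python
"""Toy model of web cache deception against a session endpoint.

Constructed example: the origin, cache rules, cookie name and session data
below are assumptions for illustration and are not OpenAI's or ChatGPT's code.
"""
import json
import re
from dataclasses import dataclass, field

# Constructed session store: one logged-in victim.
SESSIONS = {
    "sid-victim": {
        "email": "victim@example.com",
        "name": "Victim User",
        "accessToken": "eyJhbGciOi...victim",  # placeholder, not a real token
    }
}

SESSION_PATH = "/api/auth/session"


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


def origin(path, cookies, reject_suffix=False, no_store=False):
    """Assumed origin. By default it routes any path under SESSION_PATH to the
    session handler, so /api/auth/session/test.css returns the caller's session.
    reject_suffix and no_store switch on the hardened behaviours."""
    if path != SESSION_PATH and not path.startswith(SESSION_PATH + "/"):
        return Response(404, "not found")
    if reject_suffix and path != SESSION_PATH:
        return Response(404, "not found")  # do not serve paths that are not real
    headers = {"content-type": "application/json"}
    if no_store:
        headers["cache-control"] = "no-store"
    session = SESSIONS.get(cookies.get("session"))
    body = json.dumps(session, sort_keys=True) if session else "{}"
    return Response(200, body, headers)


# Assumed edge rule: anything that looks like a static asset is cached by path.
STATIC_EXT = re.compile(r"\.(css|js|png|jpg|ico|woff2?)$")


class CachingProxy:
    """Load balancer / CDN cache keyed on the path only (cookies are ignored)."""

    def __init__(self, no_cache_pattern=None, honor_no_store=False):
        self.store = {}
        self.no_cache = re.compile(no_cache_pattern) if no_cache_pattern else None
        self.honor_no_store = honor_no_store

    def get(self, path, cookies, upstream):
        if path in self.store:
            return self.store[path], True  # cache hit: upstream never sees the caller
        resp = upstream(path, cookies)
        cacheable = resp.status == 200 and STATIC_EXT.search(path) is not None
        if self.no_cache and self.no_cache.search(path):
            cacheable = False  # cache-side regex exclusion (the fix the article describes)
        if self.honor_no_store and "no-store" in resp.headers.get("cache-control", ""):
            cacheable = False  # origin-driven exclusion
        if cacheable:
            self.store[path] = resp
        return resp, False


def run_attack(proxy, upstream, path=SESSION_PATH + "/test.css"):
    """Step 1: the logged-in victim is lured to the crafted URL.
    Step 2: the attacker requests the same URL with no cookies.
    Returns (status, body, served_from_cache) as seen by the attacker."""
    proxy.get(path, {"session": "sid-victim"}, upstream)
    resp, hit = proxy.get(path, {}, upstream)
    return resp.status, resp.body, hit


def demo():
    results = {}
    results["vulnerable"] = run_attack(CachingProxy(), origin)
    results["regex_fix"] = run_attack(CachingProxy(no_cache_pattern=r"^/api/auth/"), origin)
    hardened = CachingProxy(honor_no_store=True)
    results["origin_fix"] = run_attack(
        hardened, lambda p, c: origin(p, c, reject_suffix=True, no_store=True))
    return results


if __name__ == "__main__":
    for name, (status, body, hit) in demo().items():
        print(f"{name:10s} status={status} from_cache={hit} body={body}")
```

In the vulnerable run the attacker's cookie-less request is answered from the cache with the victim's accessToken. With the regex exclusion the attacker simply gets the anonymous empty session, and with the origin-side fix the crafted path is a 404 that is never stored, which holds even if someone later loosens the cache regex.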

ChatGPT Web Cache Deception bug

This vulnerability has since been fixed, and OpenAI's team praised the researcher for their responsible disclosure. 

ChatGPT Response to Researcher
