According to Benjamin Flesch, a security researcher in Germany, a security vulnerability in ChatGPT can be used to carry out DDoS attacks.
According to a researcher, a security vulnerability in the programming interface of OpenAI’s ChatGPT can be exploited by hackers. He described the vulnerability in detail and how it can be exploited on GitHub.
No limits
The vulnerability happens when processing http post requests to the backend API. There is no limit set on the number of hyperlinks that can be included in a single request. This allows one to send thousands of hyperlinks in one http request, overloading the servers, or performing a DDoS attack. OpenAI’s API does not verify if those hyperlinks lead to the same source, or if they are duplicates.
Flesch advises OpenAI to set limits as soon as possible, ensure that duplicate requests are filtered and add restrictive measures to prevent abuse. However, DDoS attacks are proving difficult to prevent; six million were carried out in the third quarter of 2024 alone. The financial sector proved to be the biggest target.
read also