OpenAI revealed on Friday that a bug in its Redis open source library exposed other users’ personal information and chat titles on the startup’s ChatGPT service earlier this week.
A flaw discovered on March 20, 2023 allowed certain users to view short descriptions of other users’ conversations from the chat history sidebar, prompting the company to temporarily shut down chatbots. I was.
“If both users were active around the same time, the first message of a newly created conversation could also appear in someone else’s chat history,” the company said.
Additionally, the bug is due to the redis-py library, where canceled requests can corrupt connections and return unexpected data (in this case, information belonging to unrelated users) from the database cache. I added that it leads to one scenario.
To make matters worse, a San Francisco-based AI research firm says it accidentally introduced a server-side change that caused a spike in request cancellations and increased error rates.
While the issue has since been resolved, OpenAI noted that the issue may have had more impact elsewhere, and announced that the issue would be resolved on March 20th from 1-10am PT. ) may have revealed payment-related information for 1.2% of ChatGPT Plus subscribers.
This included another active user’s first and last name, email address, payment address, last four digits of credit card number (only), and credit card expiration date. We emphasized that full credit card numbers are not published.
The company says it has reached out to affected users and notified them of the inadvertent leak. It also says, “Added redundant checks to ensure that the data returned from the Redis cache matches the requesting user.”
OpenAI fixes critical account takeover flaw
In another caching-related issue, the company has a severe account takeover vulnerability that can be exploited to take control of another user’s account, view chat history, and access billing information without their knowledge. We also dealt with gender.
Discover the hidden dangers of third-party SaaS apps
Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions granted and how to minimize the risks.
reserve a seat
The defect is discovered By security researcher Gal Nagli, it bypasses protections introduced by OpenAI on chat.openai.[.]com to read the victim’s sensitive data.
This replaces the .CSS resource with “chat.openai[.]com/api/auth/session/” endpoint, tricking the victim into clicking a link and causing the response containing a JSON object containing the accessToken string to be cached on Cloudflare’s CDN.
A cached response to a CSS resource (CF-Cache-Status header value set to HIT) can be exploited by an attacker to obtain the target’s JSON Web Token (JWT) credentials and take over the account. increase.
According to Nagli, the bug was fixed by OpenAI within two hours of responsible disclosure, indicating the seriousness of the problem.
