Study reveals weaknesses in ChatGPT add-ons

Study reveals weaknesses in ChatGPT add-ons

Recent research conducted by the Salt Labs team has uncovered three critical vulnerabilities associated with ChatGPT plugins.

The first vulnerability was identified in the process of installing new plugins. When users install new plugins, they are required to approve a code on a website. However, malicious actors could exploit this by delivering code approvals with malicious plugins, potentially granting them access to a user’s account.

The second vulnerability was found in a framework used for developing plugins called PluginLab. User accounts were not properly authenticated during installation, creating an opportunity for a malicious actor to insert an unauthorized identification into the account, posing as the user.

The final vulnerability involved plugins with open authorization redirection manipulation, enabling an account takeover through the plugin. By sending a malicious link to a user, an attacker could obtain their credentials.

The researchers promptly notified OpenAI and other relevant third parties about these vulnerabilities, and the issues have since been resolved.

Post Your Comment

Subscribe Our Newsletter

We hate spam, we obviously will not spam you!

Services
  • Security Analysis
  • Penetration Testing
  • Thread Detection
  • 360 Protection
Use Cases
  • Website Security
  • AppSec
  • Case Studies
  • Integrations
Opportunities
  • Partnerships
  • Software Suite
  • Careers
Resources
Support
  • Support
  • Contact Us
  • About Us
  • Partnerships
Get in Touch
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC