Sunday , April 27 2025

ChatGPT Account Take Over Vulnerability Let Hackers Gain User’s Online Account

A renowned security analyst and bug hunter, Nagli (@naglinagli), recently uncovered a critical security vulnerability in ChatGPT.

With just a single click, a threat actor could easily exploit the vulnerability and gain complete control of any ChatGPT user’s account.

NVIDIA Releases Security Update For GPU Driver Vulnerabilities

NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver...
Read More
NVIDIA Releases Security Update For GPU Driver Vulnerabilities

‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about real-time attacks using fake login...
Read More
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild....
Read More
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

NVIDIA NeMo Framework Vuln Allow Attackers RCE

The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, risking AI system compromise and...
Read More
NVIDIA NeMo Framework Vuln Allow Attackers RCE

Cisco Issued Urgent Security Advisories For Multiple Products

Cisco issued a security advisory about a remote code execution (RCE) vulnerability (CVE-2025-32433) affecting multiple products in its portfolio due...
Read More
Cisco Issued Urgent Security Advisories For Multiple Products

SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

GitLab Releases Security Update For Multiple Vulns

GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...
Read More
GitLab Releases Security Update For Multiple Vulns

ISPAB president “whatsapp” got hacked via phishing link

Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
ISPAB president “whatsapp” got hacked via phishing link

Zyxel released patches 2 vulns in its USG FLEX H series firewalls

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
Zyxel released patches 2 vulns in its USG FLEX H series firewalls

South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

As a result, opening the doors to sensitive data let attackers execute unauthorized actions; the whole is termed “Account Take Over.”

ChatGPT Account Takeover

Account takeover is a sneaky cyber attack where an attacker or hacker gains access to your account unauthorizedly by either exploiting in the system or stealing your login details.

It is possible for an attacker to conduct a variety of malicious activities after having gained access to a target system or device:-

  • Theft of personal information
  • Fraudulent transactions
  • Spread malware

To access a victim’s ChatGPT account, the attacker exploits a web cache deception vulnerability. This ChatGPT Account Take Over bug made a single-click attack possible, enabling a remote attacker to compromise any user’s account and completely take over the account.

ChatGPT Account Take Over Bug Attack Flow

A web cache deception vulnerability is a sneaky security flaw that lets attackers trick web servers’ caching systems, giving them access to users’ accounts.

A vulnerability like this can arise when a website’s server cache is set up or used incorrectly. Hackers can use this ChatGPT Account Take Over vulnerability to manipulate cached web pages or create fake ones to deceive users.

Here below, we have mentioned the complete attack flow in five key points, and these key points will give you an accessible overview of the complete attack flow:-

  • Attacker crafts a dedicated .css path of the /api/auth/session endpoint.
  • Attacker distributes the link (either directly to a victim or publicly)
  • Victims visit the legitimate link.
  • Response is cached.
  • Attacker harvests JWT Credentials.

If left unchecked, this web cache deception vulnerability could’ve given attackers access to sensitive user information, including:-

  • Names
  • Email addresses
  • Access tokens

While all of these above-mentioned data are retrieved from the OpenAI’s API server, which is accessed via the following URL:-

https[:]//chat[.]openai[.]com/api/auth/session

Then this information could be used to generate a request to “https://chat.openai.com/api/auth/session/victim.css.” No matter if the victim “.css” file was on the server, the server would respond with the same data as “/api/auth/session.”

The server would cache a CSS file and save the victim’s session content, data, and access token in the process due to the “.css” extension.

For the exploit to succeed, the CF-Cache-Status response must confirm a cached “HIT.” This means the data was cached and will be served to the following request within the same region.

An attacker can read a victim’s sensitive data from the cached response if they manipulate the Load Balancer into caching their request on a customized path.

See the flaw in action:-

When Nagli discovered the issue, he acted quickly and responsibly by reporting it to the ChatGPT team. By doing so, he helped to prevent potential harm and ensure the continued safety of ChatGPT users.

Even though the researcher did not receive any financial compensation for his efforts, he asserted that he is proud to have played a role in enhancing the security of the innovative product.

Mitigation

Web cache deception is a highly severe vulnerability that’s relatively easy to exploit. However, there are several ways to mitigate this issue, and here below we have mentioned them:-

  • The cache server should operate based on the application’s cache-control headers.
  • Only cache files if HTTP caching headers allow it.
  • Cache files based on their Content-Type header, not just the file extension.
  • Return HTTP errors like 404 or 302 for non-existent files.

Check Also

NeMo Framework

NVIDIA NeMo Framework Vuln Allow Attackers RCE

The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, …

Leave a Reply

Your email address will not be published. Required fields are marked *