Salt Security has reported finding critical vulnerabilities in select ChatGPT plugins, which could allow hackers to gain unauthorized access to users’ accounts on third-party platforms. These plugins enable ChatGPT to perform operations such as code editing on GitHub or retrieving data from Google Drive.
Vulnerabilities Identified in ChatGPT Plugins
ChatGPT plugins are alternative versions of the AI-based chatbot, which can be published by any developer. Salt Security experts discovered three vulnerabilities in these plugins.
The first issue pertains to the plugin installation process. ChatGPT sends a confirmation code to the user for the plugin installation. However, hackers can potentially replace this code with one used to install malicious plugins.
Issue with PluginLab
A second vulnerability was found on the PluginLab platform, used for developing ChatGPT plugins. There was insufficient security in user authentication, enabling hackers to capture access to their accounts. One of the plugins affected by this issue was AskTheCode, which facilitated ChatGPT and GitHub integration.
Manipulation with OAuth authorizations
The team unveiled a third vulnerability across multiple plugins, resting on manipulations with redirections during OAuth authorizations. This issue could allow hackers to gain access to accounts on third-party platforms. The plugins lacked a URL verification mechanism during redirect, enabling hackers to send harmful links to users for account theft.
Salt Security assured that it followed standard procedure by informing OpenAI and other parties about these discoveries. The identified problems were promptly corrected, and no evidence of exploits was found.
