Salt Security discovered various ChatGPT plugins had critical security flaws.
With these flaws, threat actors could have taken over third-party accounts and accessed the sensitive data therein.
The flaws have since been remediated.
These are custom versions of ChatGPT that any developer can publish.
Three separate flaws were found in ChatGPT plugins.
The first was found in the process users go through when installing new plugins.
ChatGPT sends the user a code which approves the installation.
However, bad actors could have sent users a code that approves a malicious plugin instead.
The second was found in PluginLab, a site used to develop ChatGPT plugins.
The site failed to properly authenticate user accounts, which again could have let hackers take them over.
One of the plugins affected by this was “AskTheCode,” which integrates between ChatGPT and GitHub.
The third was found within several plugins, and involved OAuth redirection manipulation.
This could have allowed for account takeover as well.
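As an added example (not code from Salt Security, OpenAI or any plugin), the sketch below shows the general server-side defense against OAuth redirect manipulation: exact-match validation of `redirect_uri` against pre-registered values, with a lenient prefix check beside it for contrast. The page does not say how the affected plugins validated redirects, so the lenient check, the client id, the hostnames and the function names are all assumptions constructed for illustration.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed registration data: each client registers its exact redirect URIs in advance.
REGISTERED_REDIRECTS = {
    "plugin-demo": {"https://plugin.example/oauth/callback"},
}


def prefix_check(client_id: str, redirect_uri: str) -> bool:
    """Lenient pattern, shown for contrast: accept any URI starting with a registered origin."""
    for reg in REGISTERED_REDIRECTS.get(client_id, ()):
        origin = "{0.scheme}://{0.netloc}".format(urlsplit(reg))
        if redirect_uri.startswith(origin):
            return True
    return False


def strict_check(client_id: str, redirect_uri: str) -> bool:
    """Accept only a byte-for-byte match with a pre-registered HTTPS redirect URI."""
    registered = REGISTERED_REDIRECTS.get(client_id)
    if not registered:
        return False
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.fragment:
        return False
    return redirect_uri in registered


def authorize(client_id: str, redirect_uri: str, state: str):
    """Return (status, location). The code is issued only after the URI is validated."""
    if not strict_check(client_id, redirect_uri):
        return 400, None  # render an error page; never redirect to the supplied URI
    query = urlencode({"code": secrets.token_urlsafe(32), "state": state})
    return 302, f"{redirect_uri}?{query}"


# Constructed inputs: the registered URI followed by three look-alikes.
SAMPLES = [
    "https://plugin.example/oauth/callback",
    "https://plugin.example.other.test/oauth/callback",
    "https://plugin.example@other.test/oauth/callback",
    "https://plugin.example/oauth/callback/../elsewhere",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(prefix_check("plugin-demo", uri), strict_check("plugin-demo", uri), uri)
```

The prefix check accepts all four sample URIs, while the strict check accepts only the registered one, so the authorization code is never appended to a URI the client did not register.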
Salt Security says it followed procedure once it discovered the flaws and notified OpenAI and the other affected parties.