"OpenAI Flaw Allows Unlimited Credit on New Accounts"

OpenAI offered free credits to users interested in trying its open Artificial Intelligence (AI) projects. However, Checkmarx discovered a vulnerability that allowed users to abuse the trial and get unlimited credit on new accounts. The researchers were able to circumvent restrictions by intercepting and modifying an OpenAI Application Programming Interface (API) request. According to the researchers, this allowed them to create a number of user accounts using the same phone number, receiving as many free credits as they desired. A user had to enter their email address, click on the activation link sent to their inbox, enter a phone number, and then enter the validation code received via SMS in order to register for the trial. Both the user's email address and phone number had to be unique for them to receive free credits. Researchers found it difficult to bypass the phone number limitation. They attempted to alter the phone number subtly, such as by adding the country code. Ultimately, they avoided the requirement by using multiple variants of the same phone number. This article continues to discuss the flaw that allowed Checkmarx researchers to get unlimited credits for testing different OpenAI projects such as ChatGPT.

Cybernews reports "OpenAI Flaw Allows Unlimited Credit on New Accounts"