| 제목 | Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Use of Hard-coded Credentials (CWE-798) |
|---|
| 설명 | # Technical Details
A Hardcoded LiteLLM Master Key vulnerability exists in `backend/openui/config.py` of Weights and Biases OpenUI. A missing Python f-string prefix when setting the LITELLM_MASTER_KEY environment variable results in the proxy being initialized with the literal hardcoded string "sk-{SESSION_KEY}" on every deployment instead of a dynamically generated key.
When OpenUI runs with --litellm flag, the LiteLLM proxy binds to x.x.x.x:4000. Since the token is statically known, any network attacker can bypass all authentication by passing Authorization: Bearer sk-{SESSION_KEY}.
# Vulnerable Code
File: backend/openui/config.py (line 44)
Method: Module-level initialization
Why: Missing 'f' prefix: os.environ["LITELLM_MASTER_KEY"] = "sk-{SESSION_KEY}" should be f"sk-{SESSION_KEY}". A similar bug on line 41 was already fixed in commit e21c8d5 but line 44 was missed.
# Reproduction
1. Run OpenUI with LiteLLM enabled.
2. Query the LiteLLM proxy: curl -i http://localhost:4000/v1/models -H "Authorization: Bearer sk-{SESSION_KEY}"
3. Returns HTTP 200 OK instead of 401 Unauthorized, confirming the static credential is accepted.
# Impact
- Financial abuse: Unlimited LLM requests via victim's API keys (OpenAI, Anthropic).
- Authentication bypass: Full admin access to LiteLLM proxy without session cookies.
- Information exposure: Enumerate internal LLM model configurations. |
|---|
| 원천 | ⚠️ https://gist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92 |
|---|
| 사용자 | Eric-b (UID 96354) |
|---|
| 제출 | 2026. 03. 12. AM 02:46 (19 날 ago) |
|---|
| 모더레이션 | 2026. 03. 27. PM 02:48 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 353880 [wandb OpenUI 까지 0.0.0.0/1.0 backend/openui/config.py LITELLM_MASTER_KEY 약한 인증] |
|---|
| 포인트들 | 20 |
|---|