| Title | Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Use of Hard-coded Credentials (CWE-798) |
|---|
| Description | # Technical Details
A Hardcoded LiteLLM Master Key vulnerability exists in `backend/openui/config.py` of Weights and Biases OpenUI. A missing Python f-string prefix when setting the LITELLM_MASTER_KEY environment variable results in the proxy being initialized with the literal hardcoded string "sk-{SESSION_KEY}" on every deployment instead of a dynamically generated key.
When OpenUI runs with --litellm flag, the LiteLLM proxy binds to x.x.x.x:4000. Since the token is statically known, any network attacker can bypass all authentication by passing Authorization: Bearer sk-{SESSION_KEY}.
# Vulnerable Code
File: backend/openui/config.py (line 44)
Method: Module-level initialization
Why: Missing 'f' prefix: os.environ["LITELLM_MASTER_KEY"] = "sk-{SESSION_KEY}" should be f"sk-{SESSION_KEY}". A similar bug on line 41 was already fixed in commit e21c8d5 but line 44 was missed.
# Reproduction
1. Run OpenUI with LiteLLM enabled.
2. Query the LiteLLM proxy: curl -i http://localhost:4000/v1/models -H "Authorization: Bearer sk-{SESSION_KEY}"
3. Returns HTTP 200 OK instead of 401 Unauthorized, confirming the static credential is accepted.
# Impact
- Financial abuse: Unlimited LLM requests via victim's API keys (OpenAI, Anthropic).
- Authentication bypass: Full admin access to LiteLLM proxy without session cookies.
- Information exposure: Enumerate internal LLM model configurations. |
|---|
| Source | ⚠️ https://gist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92 |
|---|
| User | Eric-b (UID 96354) |
|---|
| Submission | 03/12/2026 02:46 (19 days ago) |
|---|
| Moderation | 03/27/2026 14:48 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 353880 [wandb OpenUI up to 0.0.0.0/1.0 backend/openui/config.py LITELLM_MASTER_KEY hard-coded credentials] |
|---|
| Points | 20 |
|---|