| Field | Value |
|---|---|
| Title | Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Use of Hard-coded Credentials (CWE-798) |

Description:

# Technical Details
A hardcoded LiteLLM master key vulnerability exists in `backend/openui/config.py` of Weights and Biases OpenUI. A missing Python f-string prefix when setting the `LITELLM_MASTER_KEY` environment variable results in the proxy being initialized with the literal string `sk-{SESSION_KEY}` on every deployment instead of a dynamically generated key.
When OpenUI runs with the `--litellm` flag, the LiteLLM proxy binds to x.x.x.x:4000. Since the token is statically known, any network attacker can bypass all authentication by passing `Authorization: Bearer sk-{SESSION_KEY}`.
# Vulnerable Code
File: backend/openui/config.py (line 44)
Method: Module-level initialization
Why: Missing `f` prefix: `os.environ["LITELLM_MASTER_KEY"] = "sk-{SESSION_KEY}"` should be `os.environ["LITELLM_MASTER_KEY"] = f"sk-{SESSION_KEY}"`. A similar bug on line 41 was already fixed in commit e21c8d5, but line 44 was missed.
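As an added illustration (not OpenUI's own code and not part of the original report), the snippet below puts the corrected derivation next to two defender-side checks: an AST scan that flags plain string literals carrying an unexpanded `{name}` placeholder outside an f-string, which is exactly the shape of the bug at line 44, and a startup guard that refuses to export a master key that still contains such a placeholder. The sample source, the session-key generation with `secrets.token_hex`, and the `configure_litellm` helper are assumptions made for the demonstration.

```python
# Added example, not OpenUI's config.py. Two defender-side checks for the
# "missing f prefix" bug class described in the report:
#   1. find_unexpanded_templates(): AST scan for string literals that contain
#      `{identifier}` but are not f-strings (the line-44 shape).
#   2. derive_master_key() / check_master_key() / configure_litellm(): the
#      corrected derivation plus a fail-closed guard at startup.
import ast
import os
import re
import secrets
from typing import List, Optional, Tuple

# A `{name}` placeholder that would only be expanded inside an f-string.
PLACEHOLDER = re.compile(r"\{[A-Za-z_][A-Za-z0-9_]*\}")

# Constructed sample mirroring the vulnerable and the fixed assignment.
SAMPLE_SOURCE = '''
SESSION_KEY = "abc123"
os.environ["LITELLM_MASTER_KEY"] = "sk-{SESSION_KEY}"      # bug: no f prefix
os.environ["LITELLM_MASTER_KEY"] = f"sk-{SESSION_KEY}"     # fixed
'''


def find_unexpanded_templates(source: str) -> List[Tuple[int, str]]:
    """Return (line, literal) for every plain string literal that looks like
    it was meant to be an f-string, i.e. contains a `{name}` placeholder."""
    tree = ast.parse(source)
    # Constants that live inside an f-string (JoinedStr) are legitimate;
    # remember their ids so they are skipped below.
    inside_fstring = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.JoinedStr):
            for child in ast.walk(node):
                inside_fstring.add(id(child))
    findings = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Constant) and isinstance(node.value, str)
                and id(node) not in inside_fstring
                and PLACEHOLDER.search(node.value)):
            findings.append((node.lineno, node.value))
    return findings


def derive_master_key(session_key: str) -> str:
    """The corrected derivation: interpolate the per-deployment session key."""
    return f"sk-{session_key}"


def check_master_key(key: str) -> bool:
    """Startup guard: reject a key that still carries a literal template
    placeholder, or that is too short to be a generated secret."""
    if PLACEHOLDER.search(key):
        return False
    return len(key) >= 20


def configure_litellm(session_key: Optional[str] = None) -> str:
    """Set LITELLM_MASTER_KEY the way the fix intends, failing closed if the
    value would be a static placeholder. Session-key generation via
    secrets.token_hex is an assumption for this example."""
    session_key = session_key or secrets.token_hex(16)
    key = derive_master_key(session_key)
    if not check_master_key(key):
        raise RuntimeError("LITELLM_MASTER_KEY is a literal template; refusing to start")
    os.environ["LITELLM_MASTER_KEY"] = key
    return key


if __name__ == "__main__":
    for line, literal in find_unexpanded_templates(SAMPLE_SOURCE):
        print(f"line {line}: non-f-string literal with placeholder: {literal!r}")
    print("configured key:", configure_litellm())
```

Run as a script, the AST scan reports only the line with the missing prefix; the f-string on the next line is not flagged. The same `check_master_key` guard can be applied to whatever value the proxy actually reads from `LITELLM_MASTER_KEY`, so a deployment whose key is still the unexpanded template never starts serving.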
# Reproduction
1. Run OpenUI with LiteLLM enabled.
2. Query the LiteLLM proxy: `curl -i http://localhost:4000/v1/models -H "Authorization: Bearer sk-{SESSION_KEY}"`
3. The proxy returns HTTP 200 OK instead of 401 Unauthorized, confirming that the static credential is accepted.
# Impact
- Financial abuse: Unlimited LLM requests via the victim's API keys (OpenAI, Anthropic).
- Authentication bypass: Full admin access to the LiteLLM proxy without session cookies.
- Information exposure: Enumerate internal LLM model configurations.

| Field | Value |
|---|---|
| Source | ⚠️ https://gist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92 |
| User | Eric-b (UID 96354) |
| Submitted | 2026-03-12 02:46 (20 days ago) |
| Moderated | 2026-03-27 14:48 (16 days later) |
| Status | Accepted |
| VulDB Entry | 353880 [wandb OpenUI up to 0.0.0.0/1.0 backend/openui/config.py LITELLM_MASTER_KEY weak authentication] |
| Points | 20 |