LibreChat RAG API Authentication Bypass Vulnerability

Vulnerability

A vulnerability in LibreChat version 0.8.1-rc2 allows for authentication bypass on the RAG API. This issue arises because the same JSON Web Token (JWT) secret is used for both user session management and RAG API authentication. As a result, an authenticated user can exploit their session token to access RAG API endpoints, bypassing intended access controls. This vulnerability is particularly concerning because the RAG API is typically only accessible internally, requiring either internal network access or the exploitation of another vulnerability to reach it.

Impact

Exploitation of this vulnerability allows an authenticated user to use their LibreChat session token to authenticate against the RAG API. Once authenticated, the user can access all RAG API endpoints, which could include reading, replacing, deleting, or uploading documents. This access is granted because the RAG API relies solely on service-level authentication, without additional user-specific restrictions.

Reproduction

To reproduce this vulnerability, log into LibreChat version 0.8.1-rc2. After logging in, a JWT token is issued that can be used to authenticate against the RAG API. This can be done by sending a request to the RAG API with the Authorization header containing the JWT token. The RAG API will accept the token and grant access, bypassing the intended authentication controls.

Remediation

It is recommended to use a separate JWT secret for the RAG API authentication and to add audience claims to the JWT tokens, validating them in both LibreChat and the RAG API. This would prevent the reuse of tokens even when the JWT secret is the same. Additionally, using separate environment files for each service in the Docker Compose setup can help manage secrets more effectively.
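The following is an added example, not code from LibreChat or its RAG API, that models the token reuse described in the Vulnerability section and the two remediations above (a separate secret per service and an audience claim that both sides validate). It implements HS256 JWTs with the Python standard library only; the secret values, audience names ("librechat-session", "rag-api") and claim layout are assumptions chosen for illustration, not LibreChat's actual configuration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example secrets; a real deployment would load these from separate env files.
SESSION_SECRET = b"constructed-session-jwt-secret"
RAG_SECRET = b"constructed-rag-api-jwt-secret"

SESSION_AUD = "librechat-session"   # hypothetical audience name for user sessions
RAG_AUD = "rag-api"                 # hypothetical audience name for RAG API calls


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(secret: bytes, claims: dict) -> str:
    """Produce a compact HS256 JWT (header.payload.signature) over the given claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_jwt(token: str, secret: bytes, expected_aud=None, now=None) -> dict:
    """Return the claims if signature, expiry and (when required) audience all check out.

    expected_aud=None models a verifier that never looks at 'aud' (the vulnerable behaviour).
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if expected_aud is not None:
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]
        if expected_aud not in audiences:
            raise ValueError(f"audience mismatch: {aud!r}")
    return claims


def issue_session_token(user_id: str, secret: bytes, now: float) -> str:
    """What the web app hands a logged-in user: scoped to the session audience."""
    return mint_jwt(secret, {"sub": user_id, "aud": SESSION_AUD, "iat": int(now), "exp": int(now) + 900})


def issue_rag_service_token(secret: bytes, now: float) -> str:
    """What the web app mints server-side when it calls the RAG API on a user's behalf."""
    return mint_jwt(secret, {"sub": "librechat-backend", "aud": RAG_AUD, "iat": int(now), "exp": int(now) + 60})


def rag_api_accepts(token: str, rag_secret: bytes, require_aud: bool, now: float) -> bool:
    """Model the RAG API's auth middleware; True means the request would be served."""
    try:
        verify_jwt(token, rag_secret, RAG_AUD if require_aud else None, now)
        return True
    except ValueError:
        return False


def run_scenarios(now: float = 1_700_000_000.0) -> dict:
    """Replay a user's session token against three RAG API configurations."""
    session_token = issue_session_token("user-123", SESSION_SECRET, now)
    return {
        # shared secret, no audience check: the session token is accepted (the reported bug)
        "shared_secret_no_aud": rag_api_accepts(session_token, SESSION_SECRET, False, now),
        # shared secret, but the RAG API insists on aud == "rag-api": rejected
        "shared_secret_with_aud": rag_api_accepts(session_token, SESSION_SECRET, True, now),
        # separate secret: rejected on signature before audience is even considered
        "separate_secret": rag_api_accepts(session_token, RAG_SECRET, True, now),
        # the legitimate path: a service token minted with the RAG secret and audience
        "service_token": rag_api_accepts(issue_rag_service_token(RAG_SECRET, now), RAG_SECRET, True, now),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:24s} -> {'ACCEPTED' if accepted else 'rejected'}")
```

Running the block prints the four outcomes; only the first configuration (shared secret, no audience check) accepts the user's session token. The separate-secret case fails at the signature check, so the audience check is defence in depth for the day both services end up sharing a secret again, which is exactly the situation the advisory describes.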

Added: Mar 18, 2026, 12:22 PM
Updated: Mar 18, 2026, 12:22 PM

Vulnerability Rating

Custom Algorithm

  spread          1.4
  impact          5.0
  exploitability  4.8
  remediation     0.0
  relevance       4.1
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.