PraisonAI WebSocket Gateway Missing Authentication Vulnerability

Vulnerability

A critical vulnerability exists in the PraisonAI Gateway server in versions prior to 4.5.97. The server allows WebSocket connections at '/ws' without authentication, enabling any network client to connect, list registered agents, and send arbitrary messages to those agents and their tools. This vulnerability arises because the server does not enforce the 'auth_token' field in the 'GatewayConfig', leaving the WebSocket endpoint open to unauthorized access.
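The root cause named above is a configured credential that the server never checks. The following Python example is added here to show what fail-closed enforcement of such a token looks like at the WebSocket handshake; it is not PraisonAI's code. The GatewayConfig dataclass, the header and query-parameter names, the handle_request dispatcher and the decision to gate both '/ws' and '/info' are all assumptions made for illustration, not PraisonAI's actual API.

```python
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass
from typing import Mapping, Optional, Tuple


@dataclass(frozen=True)
class GatewayConfig:
    """Stand-in for a gateway config. Assumption: only the auth_token field
    mirrors the advisory; PraisonAI's real class is not used here."""
    auth_token: Optional[str] = None  # None means "never configured"


def generate_auth_token() -> str:
    """Produce a 256-bit random bearer token, hex-encoded (64 characters)."""
    return secrets.token_hex(32)


def presented_token(headers: Mapping[str, str], query: Mapping[str, str]) -> Optional[str]:
    """Extract the client's credential from a handshake.

    Preferred: 'Authorization: Bearer <token>'. Fallback: a 'token' query
    parameter, for WebSocket clients that cannot set custom headers.
    Header names are matched case-insensitively.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    auth = lowered.get("authorization", "")
    scheme, _, value = auth.partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        return value.strip()
    return query.get("token")


def authorize(config: GatewayConfig, headers: Mapping[str, str],
              query: Mapping[str, str]) -> Tuple[bool, str]:
    """Decide whether a protected endpoint may be served. Fails closed."""
    if not config.auth_token:
        # The advisory's root cause is a token field that was never enforced.
        # An unset token must not silently mean "open to everyone".
        return False, "auth_token not configured; refusing"
    token = presented_token(headers, query)
    if token is None:
        return False, "no credential presented"
    # Constant-time comparison so a wrong token cannot be probed via timing.
    if not hmac.compare_digest(token.encode("utf-8"), config.auth_token.encode("utf-8")):
        return False, "invalid token"
    return True, "ok"


# Assumption: both endpoints named in the advisory require the token.
PROTECTED_PATHS = {"/ws", "/info"}


def handle_request(config: GatewayConfig, path: str, headers: Mapping[str, str],
                   query: Mapping[str, str], peer: str) -> Tuple[int, str]:
    """Toy dispatcher: returns (HTTP status, audit log line) for one request.

    101 = WebSocket upgrade accepted, 200 = /info served, 401 = rejected,
    404 = unknown path. The log line is what a detection rule would key on.
    """
    if path in PROTECTED_PATHS:
        ok, reason = authorize(config, headers, query)
        if not ok:
            return 401, f"gateway auth=deny peer={peer} path={path} reason={reason!r}"
        status = 101 if path == "/ws" else 200
        return status, f"gateway auth=allow peer={peer} path={path}"
    return 404, f"gateway path=unknown peer={peer} path={path}"


if __name__ == "__main__":
    cfg = GatewayConfig(auth_token=generate_auth_token())
    # Constructed handshakes: one without a credential, one with the right token.
    for hdrs in ({}, {"Authorization": f"Bearer {cfg.auth_token}"}):
        status, line = handle_request(cfg, "/ws", hdrs, {}, peer="198.51.100.7")
        print(status, line)
```

The important design choice is the first branch of authorize: an absent auth_token rejects every caller rather than waving them through, which is exactly the behaviour the unpatched server lacked. The deny log lines give operators something concrete to alert on, since a burst of `auth=deny` entries for '/ws' or '/info' from one peer is the visible trace of the enumeration the advisory describes.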

Impact

Exploitation of this vulnerability allows any unauthenticated attacker with network access to connect to the WebSocket gateway, enumerate all registered agents via the '/info' endpoint, and send arbitrary messages to the agents, including commands to execute tools, read files, or make API calls.

Reproduction

To reproduce, install PraisonAI version 4.5.87 or earlier and start the PraisonAI Gateway server with its default settings. With the server running, request the '/info' endpoint to enumerate the registered agents, then open a WebSocket connection to the '/ws' endpoint without supplying any authentication token. The server accepts the connection and responds, confirming that the WebSocket channel is open to an unauthenticated client.

Remediation

Users can upgrade to PraisonAI version 4.5.97 or later, where this vulnerability has been patched.

Added: Apr 3, 2026, 11:19 PM
Updated: Apr 3, 2026, 11:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.