OpenViking Authentication Bypass Vulnerability in VikingBot OpenAPI HTTP Routes
Vulnerability
An authentication bypass vulnerability has been identified in OpenViking versions prior to commit c7bb167. The issue is in the VikingBot OpenAPI HTTP routes, where the authentication check fails open if the api_key configuration value is unset or empty. A remote attacker with network access to the exposed service can invoke privileged bot-control functionality without a valid X-API-Key header. Exploitation includes submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data available to the bot.
Impact
Exploitation of this vulnerability allows unauthorized access to bot-control functionality, including the ability to manipulate bot sessions and access sensitive data and integrations linked to the bot.
Reproduction
The vulnerability can be reproduced by configuring an OpenAPI channel without a valid API key, either by leaving the key empty or by unsetting it. Once the channel is active, requests can be sent to the OpenAPI HTTP routes that control bot functionality, such as the chat channel endpoint. A request that carries no API key in its headers is not rejected, so the action is performed without authentication.
Remediation
Users are advised to configure a valid API key for the OpenAPI channel before using the HTTP chat endpoints. The latest version of OpenViking includes the fix for this issue.
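The fail-open pattern described in this advisory, next to a fail-closed check and a startup validation, as an added illustration. This is not OpenViking's code: the function names, the "enabled" setting and the sample configurations are hypothetical; only api_key is taken from the advisory.

```python
import hmac
from typing import List, Optional


def check_fail_open(configured_key: Optional[str], presented_key: Optional[str]) -> bool:
    """The flawed pattern: with no configured key, the check is skipped."""
    if not configured_key:  # unset or empty: every request is accepted
        return True
    return presented_key == configured_key


def check_fail_closed(configured_key: Optional[str], presented_key: Optional[str]) -> bool:
    """Hardened form: a missing or blank configured key rejects every request."""
    if configured_key is None or not configured_key.strip():
        return False
    if not presented_key:
        return False
    # Constant-time comparison, so response timing does not reveal key prefixes.
    return hmac.compare_digest(presented_key.encode(), configured_key.encode())


def validate_channel_config(channel: dict) -> List[str]:
    """Startup check: reasons an enabled HTTP channel must not be started."""
    problems = []
    key = channel.get("api_key")
    if channel.get("enabled") and (key is None or not str(key).strip()):
        problems.append("api_key is unset or empty; refusing to expose HTTP routes")
    return problems


# Constructed sample configurations (hypothetical layout, not OpenViking's schema).
SAMPLE_CHANNELS = {
    "key-missing": {"enabled": True},
    "key-empty": {"enabled": True, "api_key": ""},
    "key-set": {"enabled": True, "api_key": "constructed-sample-key"},
}

if __name__ == "__main__":
    for name, cfg in SAMPLE_CHANNELS.items():
        key = cfg.get("api_key")
        print(name,
              "| fail-open accepts headerless request:", check_fail_open(key, None),
              "| fail-closed accepts it:", check_fail_closed(key, None),
              "| startup problems:", validate_channel_config(cfg))
```
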
