Weights and Biases OpenUI Hard-Coded Credentials Vulnerability in LiteLLM Proxy
Vulnerability
A vulnerability exists in Weights and Biases OpenUI versions through 1.0 (commit f9d8f0e) due to a hard-coded master key for the LiteLLM proxy. The issue arises from a missing f-string prefix on the string assigned to the 'LITELLM_MASTER_KEY' environment variable: the placeholder is never interpolated, so the proxy initializes with the static literal 'sk-{SESSION_KEY}' instead of a per-session, randomly generated key. As a result, any local attacker who knows that literal can gain unauthorized administrative access to the LiteLLM proxy endpoints, bypassing authentication and consuming the victim's API credits.
Impact
Exploitation of this vulnerability allows for authentication bypass, granting administrative access to the LiteLLM proxy without session cookies. It also enables financial abuse by routing unlimited LLM requests through the victim's API keys, and exposes information by allowing enumeration of internal LLM model configurations.
Reproduction
To reproduce this vulnerability, run the OpenUI application with LiteLLM enabled. Then, send a request to the LiteLLM proxy on port 4000, using the hard-coded master key 'sk-{SESSION_KEY}' as the Bearer token in the Authorization header. The proxy will respond with a 200 OK status, confirming that the authentication bypass was successful.
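The following added example (not OpenUI's or LiteLLM's own code) reconstructs the bug class described in the Vulnerability and Reproduction sections: a template string passed to the proxy environment without the `f` prefix, beside the corrected form, plus two defensive checks a maintainer or operator could run, a startup assertion that refuses an uninterpolated or low-entropy master key and a log filter that flags requests presenting the known static literal. The names `SESSION_KEY`, `build_proxy_env_vulnerable`, `build_proxy_env_fixed`, `master_key_is_static`, `check_env` and `uses_static_template_key` are assumptions made for this example.

```python
import secrets

# Illustrative reconstruction of the bug, not OpenUI's own code.
# A per-process random session key, as a secure setup would generate it.
SESSION_KEY = secrets.token_urlsafe(32)

# The literal that results when the f prefix is missing; every
# installation built this way shares this exact master key.
STATIC_TEMPLATE_KEY = "sk-{SESSION_KEY}"


def build_proxy_env_vulnerable() -> dict:
    """Missing f-string prefix: '{SESSION_KEY}' is plain text, never
    interpolated, so the proxy starts with a fixed, guessable key."""
    return {"LITELLM_MASTER_KEY": "sk-{SESSION_KEY}"}


def build_proxy_env_fixed() -> dict:
    """Corrected version: the f prefix interpolates the random session
    key, so the master key differs per process."""
    return {"LITELLM_MASTER_KEY": f"sk-{SESSION_KEY}"}


def master_key_is_static(key: str) -> bool:
    """Startup/CI check: reject an uninterpolated template (braces still
    present) or a key with too little material after the 'sk-' prefix."""
    if "{" in key or "}" in key:
        return True
    body = key[3:] if key.startswith("sk-") else key
    return len(body) < 32  # assumed minimum length for this example


def check_env(env: dict) -> bool:
    """True when the environment carries an acceptable master key."""
    return not master_key_is_static(env.get("LITELLM_MASTER_KEY", ""))


def uses_static_template_key(authorization_header: str) -> bool:
    """Detection helper for proxy access logs: flags a request that
    presents the known static literal as its Bearer token."""
    scheme, _, token = authorization_header.strip().partition(" ")
    return scheme.lower() == "bearer" and token == STATIC_TEMPLATE_KEY


if __name__ == "__main__":
    for name, builder in (("vulnerable", build_proxy_env_vulnerable),
                          ("fixed", build_proxy_env_fixed)):
        env = builder()
        verdict = "ok" if check_env(env) else "STATIC KEY, refuse to start"
        print(f"{name:10s} {env['LITELLM_MASTER_KEY'][:14]}... -> {verdict}")

    # Constructed sample log entries: one presenting the static literal,
    # one presenting a properly generated key.
    for hdr in ("Bearer sk-{SESSION_KEY}", "Bearer sk-" + SESSION_KEY):
        print("flagged" if uses_static_template_key(hdr) else "clean", hdr[:20])
```

Running `check_env` against the proxy environment before launching LiteLLM turns this class of mistake into a startup failure rather than a silent shared secret; the log helper is the corresponding after-the-fact signal for an operator reviewing proxy access logs.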