Horizon Alert
Summary of the vulnerability and why it matters
A vulnerability in LiteLLM, an AI gateway, could allow an unauthenticated attacker to impersonate legitimate users by exploiting a caching mechanism in its JWT authentication. This issue affects deployments where JWT/OIDC authentication is specifically enabled, as this configuration is not the default.
- Unauthorized user access.
- Confirm relevance and exposure.
- Validate authentication configurations.
Attack Path
How an attacker could exploit the issue
An attacker could potentially impersonate a legitimate user by exploiting a flaw in how LiteLLM caches authentication tokens when JWT authentication is enabled. If an attacker crafts a token with the same first 20 characters as a valid user's cached token, they can trick the system into granting them the user's identity and access rights. This scenario is only possible in deployments that have specifically enabled JWT and OIDC authentication.
- Unauthenticated network access required.
- Cache key collision allows impersonation.
- High risk of unauthorized access.
Live Threat
Current exploitation, exposure, and threat context
When JWT authentication is enabled and the OIDC userinfo cache is active, an unauthenticated attacker could impersonate a legitimate user by crafting a token with a matching prefix. This could allow them to leverage the privileges of the impersonated user, provided the specific configuration is enabled.
- User identity and permissions.
- Crafted token matching cache key.
- Unauthorized access to user resources.
Operational Fix
Recommended remediation, mitigation, and detection steps
For deployments utilizing LiteLLM with JWT/OIDC authentication enabled, the platform or application owner is responsible for addressing this vulnerability. The first practical step is to inventory all LiteLLM instances, confirm if JWT authentication is active, and determine their exposure and business criticality. This information will guide the prioritization and planning of remediation efforts with the responsible teams.
- Identify accountable platform or application owners.
- Verify JWT authentication and network exposure.
- Plan remediation based on criticality and exposure.