Checkmarx, a company specialised in application security, recently discovered and reported an account validation vulnerability in OpenAI’s web application. This vulnerability enabled malicious users to gain unlimited credit by registering multiple accounts and bypassing phone number validation.
The vulnerability was identified in the API of OpenAI that controls user phone number validation. The Checkmarx team reported that due to certain discrepancies in the code, users could exploit free credit trial options with minor modifications of the same phone number and attain an inexhaustible amount of credits for their new accounts.
With its newfound knowledge, the Checkmarx team provided a detailed report outlining the vulnerability, how it was found and its root cause. The vulnerability has since been patched.
Founded in 2006, Checkmarx is a software security giant, offering a comprehensive suite of solutions that enable organizations to identify and remediate vulnerabilities in their applications in order to ensure the safety of their data. The Company was Founded by CTO Maty Siman, the organization is comprised of more than 450 employees and has customers in more than 40 countries, many of them prominent organizations in government, finance, healthcare, and technology. Sandeep Johri currently serves as the CEO of Checkmarx.
The current CEO of Checkmarx is Erez Yalon, who co-founded the organisation in 2006. Yalon holds a master’s degree in finance from the Hebrew University and has held several managerial positions in the private technology space. Currently, Erez is leading a mission to get the message out regarding the importance of software security and motivate organisations to become proactive about their digital security.