DeepSeek Data Leak Exposes Logs, APIs, Chats

The Wiz Research group revealed a serious vulnerability in the infrastructure of the Chinese AI startup DeepSeek. An open ClickHouse database gave full access to confidential information, including chat history, secret keys and server data.

DeepSeek has recently attracted attention for developing DeepSeek-R1, an advanced artificial intelligence model that competes with similar OpenAI solutions. However, a check of the company's security revealed critical problems.

While analyzing DeepSeek's external security, researchers discovered a publicly accessible database hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000. The data could be accessed without any authentication, which made it possible to manage the database.

The database contained more than a million records, including the history of user interactions with the AI, API keys, server metadata and other sensitive information. Access to logs with the names of the API entities and their operation parameters was especially dangerous.

In addition, the vulnerability allowed attackers to run SQL queries without restrictions. This could lead to a large-scale data leak, including the extraction of passwords and the internal file structure of the servers.

Wiz Research's reconnaissance began with an analysis of DeepSeek's public domain. 30 externally accessible subdomains were identified, including the chatbot interface, the service status page and the API documentation. Initially, they did not pose a threat.

However, additional checks found open ports 8123 and 9000 on several DeepSeek servers. Further study showed that they belonged to ClickHouse, a powerful analytical DBMS developed by Yandex and used to work with big data.

Using the ClickHouse HTTP interface, the researchers were able to run SQL queries directly through the browser. A simple SHOW TABLES; query revealed a list of available tables, among which log_stream attracted the most attention.

This table contained critical data, such as timestamps, the names of API endpoints, plaintext chats, operational metadata and information about DeepSeek services.

The most serious threat remained the possibility of privilege escalation, which could allow attackers to take complete control of DeepSeek servers with no protective measures in the way.

The Wiz Research team immediately notified DeepSeek about the vulnerability it had found. The company quickly closed public access to the database and eliminated the problem.
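
A defender-side check for the misconfiguration described above, added here as an example and not taken from Wiz Research or DeepSeek: it reads a ClickHouse server's config.xml and users.xml and reports a wildcard listen_host together with any user that has an empty password. The sample XML is constructed for illustration, and the function names are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample files (not DeepSeek's). Element names follow the
# layout of ClickHouse's config.xml and users.xml.
SAMPLE_CONFIG = """<clickhouse>
  <listen_host>::</listen_host>
  <http_port>8123</http_port>
  <tcp_port>9000</tcp_port>
</clickhouse>"""

SAMPLE_USERS = """<clickhouse><users>
  <default>
    <password></password>
    <networks><ip>::/0</ip></networks>
  </default>
</users></clickhouse>"""

def allows_any_address(entry):
    """True if a <networks><ip> entry matches every client address."""
    try:
        return ipaddress.ip_network(entry, strict=False).prefixlen == 0
    except ValueError:
        return False

def audit(config_xml, users_xml):
    """Return findings for settings that expose the server without auth."""
    findings = []
    cfg = ET.fromstring(config_xml)
    hosts = {(h.text or "").strip() for h in cfg.findall("listen_host")}
    if hosts & {"::", "0.0.0.0"}:
        ports = [cfg.findtext(t) for t in ("http_port", "tcp_port") if cfg.findtext(t)]
        findings.append("listen_host is a wildcard; ports reachable: " + ", ".join(ports))
    # Each child of <users> is one account; its tag is the user name.
    for user in ET.fromstring(users_xml).find("users"):
        pw = user.find("password")
        empty_pw = pw is not None and not (pw.text or "").strip()
        nets = [(ip.text or "").strip() for ip in user.findall("networks/ip")]
        if empty_pw and any(allows_any_address(n) for n in nets):
            findings.append(f"user '{user.tag}': empty password, any source address")
        elif empty_pw:
            findings.append(f"user '{user.tag}': empty password")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, SAMPLE_USERS):
        print(line)
```

An empty result means neither condition was found in the two files; it does not cover firewall rules or other authentication methods.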
