Hallucination Attacks in Express with Basic Auth

In Express, a Hallucination Attack occurs when an attacker manipulates the application or its dependencies into producing false, fabricated, or misleading information. This can manifest as the server returning invented data, such as fake user records, synthetic file listings, or non-existent resource identifiers, often to cover an attacker’s presence or to assist in further exploitation. When Basic Authentication is used without additional safeguards, the combination can amplify the impact and observability of these hallucinations.

Basic Auth in Express typically involves extracting credentials from the Authorization header, decoding the Base64 username:password string, and validating against a user store or an external service. If the validation logic is non-deterministic — for example, it queries a cache that may be stale, an eventually consistent database, or a mocked service used in development — the server may inconsistently report whether a user exists or whether a password is correct. This inconsistency can be leveraged: an attacker can probe endpoints with slightly altered credentials and observe variations in response content, timing, or status codes, inferring internal behavior and potentially hallucinated data paths.

Because Basic Auth is a stateless, header-based mechanism, it does not inherently bind the authentication decision to a session or token. If the authorization layer is implemented with permissive route handling or overly broad middleware, an attacker may send crafted requests that trigger different code paths depending on how the user lookup resolves. For instance, if the lookup function sometimes returns a user object and sometimes returns null due to race conditions or caching issues, the downstream logic might hallucinate a default administrative context or fabricate permissions to fill the missing data. These hallucinations become observable when responses include detailed error messages, stack traces, or inconsistent JSON structures that reveal which branch of conditional logic was taken.

The risk is further compounded when the application includes integrations with LLM-based tooling or external APIs that may themselves hallucinate. An Express route that passes user-controlled input — even after Basic Auth validation — into a language model or a generative component can propagate and amplify inconsistencies. If the route does not strictly validate and sanitize inputs before using them in prompts, attackers may inject crafted text that causes the LLM to generate false assertions, fabricated data references, or misleading metadata. Because Basic Auth does not provide request-level integrity checks, there is no built-in mechanism to correlate a hallucinated response with a specific authenticated identity, making forensic analysis more difficult.

Consider an endpoint like /api/users/:id that retrieves profile data after Basic Auth validation. If the underlying data store returns inconsistent results — perhaps due to replication lag or a misconfigured query — the route might hallucinate a default avatar URL or a synthetic role assignment to fill missing fields. If the response includes verbose debugging information in development mode, an unauthenticated or low-privilege attacker can infer internal data structures and exploit these hallucinations to escalate reconnaissance or guide further attacks against other endpoints.

To detect such issues, scanning with a tool that supports OpenAPI/Swagger analysis and runtime checks is valuable. middleBrick can analyze your Express API spec, resolve $ref pointers, and run parallel security checks including Input Validation, Authentication, and LLM/AI Security to surface places where hallucination-prone logic or insufficient validation may exist. Its LLM/AI Security checks, including active prompt injection testing and system prompt leakage detection, are particularly useful when your API routes interact with generative models, helping identify paths where hallucinations may be introduced or exposed.

Remediation focuses on deterministic authentication, strict input validation, and avoiding logic that depends on inconsistent data sources. Use a constant-time comparison for credentials, avoid branching responses based on missing data, and ensure that errors do not leak internal paths or hallucinated defaults.

Below is a secure Express implementation using the basic-auth package to parse credentials and a hardcoded user for illustration. In production, replace the hardcoded check with a secure, constant-time lookup against a hashed credential store.

const express = require('express');
const basicAuth = require('basic-auth');
const crypto = require('crypto');

const app = express();

// Example user store: in production, use a secure database with hashed passwords
const USERS = {
  'admin': '$2b$10$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW' // bcrypt hash for 'secret'
};

// Constant-time comparison helper to mitigate timing attacks
function safeCompare(a, b) {
  return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
}

function authenticate(req, res, next) {
  const user = basicAuth(req);
  if (!user || !user.name || !user.pass) {
    res.set('WWW-Authenticate', 'Basic realm="Access"');
    return res.status(401).json({ error: 'Authentication required' });
  }

  const expectedHash = USERS[user.name];
  if (!expectedHash) {
    // Do not reveal user existence; use a dummy hash to keep timing consistent
    crypto.timingSafeEqual(Buffer.from('dummy'), Buffer.from('dummy'));
    res.set('WWW-Authenticate', 'Basic realm="Access"');
    return res.status(401).json({ error: 'Invalid credentials' });
  }

  // In real applications, compare hashed passwords using a library like bcrypt
  // This example uses a direct string compare for simplicity; replace with proper hashing
  const isValid = safeCompare(Buffer.from(user.pass), Buffer.from(expectedHash));
  if (!isValid) {
    res.set('WWW-Authenticate', 'Basic realm="Access"');
    return res.status(401).json({ error: 'Invalid credentials' });
  }

  req.user = user.name;
  next();
}

app.get('/api/secure', authenticate, (req, res) => {
  // Avoid hallucinating defaults; return only data that exists
  res.json({ user: req.user, role: 'user' });
});

app.listen(3000, () => console.log('Server running on port 3000'));

Key practices:

• Use basic-auth or a robust parser to extract credentials safely.
• Perform constant-time comparisons when checking secrets to prevent timing attacks.
• Return uniform error responses and HTTP status codes to avoid leaking whether a username exists.
• Validate and sanitize all inputs before using them in database queries or passing them to other services.
• If your application integrates with LLMs, ensure prompts are built from validated data only and avoid injecting raw user input into model calls.

For ongoing assurance, integrate middleBrick into your workflow: use the CLI (middlebrick scan <url>) for local scans, add the GitHub Action to fail builds if risk scores drop below your threshold, or run scans through the MCP Server while working in an AI coding assistant. The dashboard can track how remediation efforts affect your security score over time.