Ravie Lakshmanan
A now-patched security flaw in Styra’s Open Policy Agent (OPA) has been revealed, potentially leading to the leakage of New Technology LAN Manager (NTLM) hashes if successfully exploited.
Cybersecurity firm Tenable described the flaw, tracked as CVE-2024-8260 (CVSS score: 6.1/7.3), as a Server Message Block (SMB) force-authentication vulnerability that affects both the CLI and the Go software development kit (SDK) for Windows.
The issue arises from improper input validation that can result in unauthorized access by leaking the Net-NTLMv2 hash of the user logged into the Windows device running the OPA application. Exploiting the flaw has prerequisites, such as a foothold in the environment or social engineering of a user.
The captured credentials could then be used in a relay attack to bypass authentication or for offline cracking to extract the password.
Following responsible disclosure in June 2024, the vulnerability was addressed in version 0.68.0 released on August 29, 2024.
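SMB force-authentication happens when a Windows process opens a remote (UNC) path, so a tool that accepts file arguments can close this class of gap by rejecting such paths before opening anything. The Go check below is an added example, not the change shipped in 0.68.0 or code from OPA or Tenable; the function names and sample paths are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// isRemoteWindowsPath reports whether opening p on Windows would contact a
// remote host: \\host\share, its forward-slash form //host/share, and the
// \\?\UNC\ and \\.\UNC\ device forms. It is pure string logic, so the
// result is the same whatever platform the binary is built for.
func isRemoteWindowsPath(p string) bool {
	s := strings.ReplaceAll(strings.TrimSpace(p), "/", `\`)
	if !strings.HasPrefix(s, `\\`) {
		return false // drive-letter, relative and rooted paths are local
	}
	if strings.HasPrefix(s, `\\?\`) || strings.HasPrefix(s, `\\.\`) {
		// Device namespace: only the UNC device points at another host.
		return strings.HasPrefix(strings.ToLower(s)[4:], `unc\`)
	}
	return len(s) > 2 && s[2] != '\\' // a host name must follow the slashes
}

// checkPolicyPaths (hypothetical helper) validates every user-supplied file
// argument up front and fails closed on the first remote path.
func checkPolicyPaths(paths []string) error {
	for _, p := range paths {
		if isRemoteWindowsPath(p) {
			return fmt.Errorf("refusing remote path %q: opening it would trigger SMB authentication", p)
		}
	}
	return nil
}

func main() {
	// Constructed sample arguments; 198.51.100.7 is a documentation address.
	args := []string{`C:\policies\main.rego`, `\\198.51.100.7\share\policy.rego`}
	if err := checkPolicyPaths(args); err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println("all paths are local")
}
```

The check only covers the path forms listed in its comment; blocking outbound SMB at the host or network boundary remains a separate control.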
As open-source projects become more integrated into solutions, ensuring their security is crucial to protect against increased attack surfaces and exposures to vendors and customers.
Another recent disclosure highlighted a privilege escalation flaw in the Microsoft Remote Registry Service (CVE-2024-43532), patched by Microsoft in February 2024.
NTLM has been susceptible to relay attacks, prompting Microsoft to retire it in Windows 11 in favor of Kerberos for stronger user authentication.