Styra’s OPA Security Flaw Exposes NTLM Hashes to Remote Attackers

SeniorTechInfo
Oct 22, 2024
Ravie Lakshmanan
Vulnerability / Software Security

A now-patched security flaw in Styra’s Open Policy Agent (OPA) has been revealed, potentially leading to the leakage of New Technology LAN Manager (NTLM) hashes if successfully exploited.

Cybersecurity firm Tenable described the vulnerability as a Server Message Block (SMB) force-authentication vulnerability that impacts both the CLI and the Go software development kit (SDK) for Windows. It is tracked as CVE-2024-8260 (CVSS score: 6.1/7.3).

The issue arises from improper input validation, which allows the Net-NTLMv2 hash of the user logged into the Windows device running the OPA application to be leaked, opening the way to unauthorized access. Exploitation has prerequisites: the attacker needs a foothold in the environment or must socially engineer a user.
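As an added illustration (not OPA's own code and not the 0.68.0 patch), the Go sketch below shows the kind of input validation a Windows application can apply before opening a caller-supplied policy path. It assumes the unvalidated input is a file path that may name a UNC network share, which the article does not spell out; `isUNCPath`, `checkPolicyPaths`, `ErrUNCPath` and the sample host are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrUNCPath is a hypothetical sentinel error for rejected share paths.
var ErrUNCPath = errors.New("UNC/network share paths are not accepted")

// isUNCPath reports whether p names a network share rather than a local file.
// It is purely string-based, so it behaves the same on every OS; on
// non-Windows systems it is simply conservative about //host/share forms.
func isUNCPath(p string) bool {
	// Windows accepts both separators, so normalise to backslashes first.
	n := strings.ReplaceAll(strings.TrimSpace(p), "/", `\`)
	if !strings.HasPrefix(n, `\\`) {
		return false // relative, drive-letter or rooted local path
	}
	rest := n[2:]
	// \\?\ and \\.\ are device-namespace prefixes; only their UNC form is remote.
	if strings.HasPrefix(rest, `?\`) || strings.HasPrefix(rest, `.\`) {
		return strings.HasPrefix(strings.ToUpper(rest[2:]), `UNC\`)
	}
	return true // \\host\share\...
}

// checkPolicyPaths rejects the whole argument list if any entry is a share
// path, so no file open (and no outbound SMB authentication) is attempted.
func checkPolicyPaths(args []string) error {
	for _, a := range args {
		if isUNCPath(a) {
			return fmt.Errorf("%w: %q", ErrUNCPath, a)
		}
	}
	return nil
}

func main() {
	// Constructed sample arguments; the host name is a placeholder.
	samples := []string{
		`policies\authz.rego`,
		`C:\policies\authz.rego`,
		`\\?\C:\policies\authz.rego`,
		`\\fileserver.example\share\authz.rego`,
		`//fileserver.example/share/authz.rego`,
		`\\?\UNC\fileserver.example\share\authz.rego`,
	}
	for _, s := range samples {
		fmt.Printf("%-45s unc=%v\n", s, isUNCPath(s))
	}
}
```

Run the check on every path taken from configuration, command-line arguments or API input before it reaches any file-opening call.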

The captured credentials could then be used in a relay attack to bypass authentication or for offline cracking to extract the password.

Following responsible disclosure in June 2024, the vulnerability was addressed in version 0.68.0 released on August 29, 2024.

As open-source projects are integrated into more and more solutions, securing them is crucial so that they do not expose vendors and their customers to an increased attack surface.

Another recent disclosure highlighted a privilege escalation flaw in the Microsoft Remote Registry Service (CVE-2024-43532), patched by Microsoft in February 2024.

NTLM has been susceptible to relay attacks, prompting Microsoft to retire it in Windows 11 in favor of Kerberos for stronger user authentication.
