
Cybersecurity Threat Advisory

A security vulnerability was recently found in Styra’s Open Policy Agent (OPA) that, if exploited, can expose New Technology LAN Manager (NTLM) hashes. Continue reading this Cybersecurity Threat Advisory to learn the implications of this flaw and the security measures required to protect your organization.

What is the threat?

Tracked as CVE-2024-8260 (CVSS score: 7.3), this vulnerability is classified as a Server Message Block (SMB) force-authentication vulnerability. It affects both the command-line interface (CLI) and the Go SDK for Windows. When exploited, it enables attackers to leak NTLM credentials from the OPA server’s local user account to a remote server.

Why is this noteworthy?

Due to insufficient input validation, this vulnerability allows unauthorized access by leaking the Net-NTLMv2 hash of the user logged into the Windows device running the OPA application. For this to occur, the victim must be able to initiate outbound Server Message Block (SMB) traffic over port 445. Upon gaining access, attackers can stage a relay attack that bypasses authentication. Additionally, attackers can perform offline cracking to extract the password.

What is the exposure or risk?

When a user or application attempts to access a remote share on Windows, it compels the local machine to authenticate to the remote server using NTLM. During this process, the NTLM hash of the local user is sent to the remote server. An attacker can leverage this mechanism to capture the credentials, enabling them to relay the authentication or crack the hashes offline.
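As a defense-in-depth measure alongside the upgrade, a wrapper that launches OPA on Windows can refuse path arguments that name a remote share. The following is an added example, not code from OPA or from this advisory; the function names `IsRemoteSharePath` and `RejectRemotePaths` and the sample arguments are assumptions, and the check covers the common UNC spellings only.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// IsRemoteSharePath reports whether opening p on Windows could reach a remote
// SMB host: UNC paths (\\host\share), forward-slash or mixed-separator
// spellings, the \\?\UNC\ and \\.\UNC\ device forms, and file:// URLs that
// name a host.
func IsRemoteSharePath(p string) bool {
	p = strings.TrimSpace(p)
	if u, err := url.Parse(p); err == nil && strings.EqualFold(u.Scheme, "file") {
		if u.Host != "" && !strings.EqualFold(u.Host, "localhost") {
			return true
		}
		p = u.Path // file:///C:/... or file:////host/share
	}
	// Windows accepts '/' and '\' interchangeably, so normalise first.
	n := strings.ReplaceAll(p, "/", `\`)
	if !strings.HasPrefix(n, `\\`) {
		return false // drive-letter or relative path
	}
	rest := n[2:]
	if strings.HasPrefix(rest, `?\`) || strings.HasPrefix(rest, `.\`) {
		// Device namespace: remote only when it selects the UNC provider.
		return strings.HasPrefix(strings.ToUpper(rest[2:]), `UNC\`)
	}
	return true // any other double-separator prefix is treated as UNC
}

// RejectRemotePaths returns the entries of paths that must not be handed to
// the policy engine on a Windows host.
func RejectRemotePaths(paths []string) []string {
	var bad []string
	for _, p := range paths {
		if IsRemoteSharePath(p) {
			bad = append(bad, p)
		}
	}
	return bad
}

func main() {
	// Constructed sample arguments; 198.51.100.7 is a documentation address.
	args := []string{`C:\policies\main.rego`, `\\198.51.100.7\share\p.rego`, `//files.example/share/p.rego`}
	fmt.Println("rejected:", RejectRemotePaths(args))
}
```
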

What are the recommendations?

Barracuda recommends the following actions to protect your environment against this vulnerability:

  • Update your Styra OPA for Windows to version 0.68.0 or later.
  • Use a 24/7 monitoring service, such as Barracuda XDR Server Security, to protect critical systems.

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.



Posted by Mandeep Gujral

Mandeep is a Cybersecurity Analyst at Barracuda MSP. She's a security expert, working on our Blue Team within our Security Operations Center. Mandeep supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
