Cybersecurity Threat Advisory: Critical security flaw in Styra’s OPA
A security vulnerability was recently found in Styra’s Open Policy Agent (OPA) that can expose New Technology LAN Manager (NTLM) hashes if exploited. Continue reading this Cybersecurity Threat Advisory to learn the implications of this flaw and the security measures required to protect your organization.
What is the threat?
Tracked as CVE-2024-8260 (CVSS score: 7.3), this vulnerability is classified as a Server Message Block (SMB) force-authentication vulnerability. It affects both the command-line interface (CLI) and the Go SDK for Windows. When exploited, it enables attackers to leak NTLM credentials from the OPA server’s local user account to a remote server.
Why is this noteworthy?
What is the exposure or risk?
When a user or application attempts to access a remote share on Windows, the local machine is compelled to authenticate to the remote server using NTLM. During this process, the NTLM hash of the local user is sent to the remote server. An attacker can leverage this mechanism to capture the credentials, enabling them to relay the authentication or crack the hashes offline.
What are the recommendations?
Barracuda recommends the following actions to protect your environment against this vulnerability:
- Update your Styra OPA for Windows to version 0.68.0 or later.
- Use a 24/7 monitoring service, such as Barracuda XDR Server Security, to protect critical systems.
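As a defence-in-depth measure alongside the upgrade, a service can refuse any file path that Windows would resolve as a remote share before that path reaches OPA. The Go check below is an added example, not code from OPA, Styra or this advisory; the helper name `isRemoteSharePath` is hypothetical, the sample paths are constructed, and it assumes your service hands caller-influenced file paths to the OPA CLI or Go SDK.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// isRemoteSharePath (hypothetical helper) reports whether Windows would
// contact a remote host when opening p. It is purely string-based, so it
// gives the same answer on any build OS.
func isRemoteSharePath(p string) bool {
	s := strings.TrimSpace(p)
	if strings.HasPrefix(strings.ToLower(s), "file:") {
		u, err := url.Parse(s)
		if err != nil {
			return true // fail closed on URLs we cannot parse
		}
		// file://host/share/... maps to \\host\share\...
		if h := strings.ToLower(u.Hostname()); h != "" && h != "localhost" {
			return true
		}
		if s = u.Path; u.Opaque != "" {
			s = u.Opaque
		}
	}
	// Windows treats / and \ as interchangeable separators.
	n := strings.ReplaceAll(s, "/", `\`)
	if !strings.HasPrefix(n, `\\`) {
		return false // drive-letter, rooted or relative local path
	}
	// \\?\C:\... and \\.\C:\... are local device paths, but
	// \\?\UNC\host\share\... still names a remote share.
	rest := n[2:]
	if strings.HasPrefix(rest, `?\`) || strings.HasPrefix(rest, `.\`) {
		return strings.HasPrefix(strings.ToUpper(rest[2:]), `UNC\`)
	}
	return true // \\host\share\...
}

func main() {
	// Constructed sample inputs, not taken from the advisory.
	for _, p := range []string{`C:\policies\authz.rego`, `\\198.51.100.7\share\p.rego`,
		`//fileserver/share/p.rego`, `\\?\UNC\fileserver\share\p.rego`,
		`file://fileserver/share/p.rego`, `file:///C:/policies/authz.rego`} {
		fmt.Printf("%-40s remote=%v\n", p, isRemoteSharePath(p))
	}
}
```

Apply the check to every externally supplied path and reject the request when it returns true; it complements the upgrade to 0.68.0 or later and does not replace it.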
References
For more in-depth information about the recommendations, please visit the following links:
- https://thehackernews.com/2024/10/security-flaw-in-styras-opa-exposes.html
- https://medium.com/@wiretor/security-flaw-in-styras-opa-exposes-ntlm-hashes-to-remote-attackers-f4c9ce201de8
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.