OPA for Windows Vulnerability Exposes NTLM Hashes

October 22, 2024 at 05:31PM Organizations using Open Policy Agent (OPA) for Windows should update to v0.68.0 or later to address a vulnerability (CVE-2024-8260) that exposes user credentials via improper input validation. This flaw allows attackers to exploit authentication processes, highlighting the risks linked to using open-source software. ### Meeting Takeaways: 1. **Update Recommendation**: – … Read more

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

October 22, 2024 at 10:30AM A recently patched vulnerability in Styra’s Open Policy Agent (CVE-2024-8260) could have allowed attackers to leak NTLM credentials, enabling authentication relay or password cracking. Proper input validation issues and specific prerequisites were identified. This highlights the ongoing risks associated with NTLM, prompting Microsoft to plan its retirement in Windows 11. … Read more