Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

October 22, 2024 at 10:30AM A recently patched vulnerability in Styra’s Open Policy Agent (CVE-2024-8260) could have allowed attackers to leak NTLM credentials, enabling authentication relay or password cracking. Proper input validation issues and specific prerequisites were identified. This highlights the ongoing risks associated with NTLM, prompting Microsoft to plan its retirement in Windows 11. … Read more

Hackers Can Exploit ‘Forced Authentication’ to Steal Windows NTLM Tokens

November 28, 2023 at 05:36AM Researchers have discovered a cyber attack technique called “forced authentication” that can leak a Windows user’s NT LAN Manager (NTLM) tokens. The attack exploits a feature in Microsoft Access that allows users to link to external data sources, and it can be launched by tricking a victim into opening a … Read more