SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Tenable reveals vulnerability in Open Policy Agent for Windows

Yesterday

Tenable has disclosed a vulnerability affecting all versions of Open Policy Agent (OPA) for Windows before version 0.68.0.

Tenable's Cloud Security Research team identified a medium-severity Server Message Block (SMB) force-authentication vulnerability in the widely used open-source policy engine OPA. This vulnerability tracked as CVE-2024-8260, arises from improper input validation, which permits the passage of an arbitrary SMB share instead of a legitimate Rego file to the OPA command-line interface (CLI) or one of its Go library functions.

Exploiting this vulnerability results in unauthorised access through the leakage of the user's Net-NTLMv2 hash—effectively their credentials—from the Windows device running the affected OPA software. Once exploited, attackers can use this vulnerability to relay their authentication to other systems that support NTLMv2 or conduct offline password cracking.

Ari Eitan, Director of Tenable Cloud Security Research, commented on the implications of this discovery. "As open-source projects become integrated into widespread solutions, it is crucial to ensure they are secure and do not expose vendors and their customers to an increased attack surface," he said. "This vulnerability discovery underscores the need for collaboration between security and engineering teams to mitigate such risks."

Open-source software, while cost-effective and conducive to innovation, carries inherent risks when used for enterprise-scale applications. Past incidents, such as the Log4Shell vulnerability and the XZ Utils backdoor, highlight these risks, underscoring the need for careful management and security measures.

Ensuring software security involves maintaining an up-to-date inventory of installed software, implementing a solid patch management process, and minimising the public exposure of services wherever possible. This proactive approach helps organisations manage vulnerabilities effectively and prioritise necessary remediation work.

The vulnerability has been addressed in Styra's most recent release of OPA (v0.68.0). Organisations still running older versions of OPA on Windows are advised to update to the latest version to avoid exposure to this security risk. This update is especially critical for those using the OPA CLI or Go package on Windows systems.

Tenable, a global player in cyber exposure management, provides organisations with solutions to measure and manage cybersecurity risk. Known for its comprehensive vulnerability management platform, Tenable empowers security teams to identify, assess, and prioritise risks across their digital infrastructure.

Through continuous monitoring and research, Tenable addresses vulnerabilities across networks, applications, and cloud environments, helping organisations safeguard their assets against evolving threats. The company's proactive approach to vulnerability discovery and risk mitigation exemplifies its commitment to advancing cybersecurity across industries.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X