Fluid Attacks Database

Azure Flex Server Insecure Tls

Description

Detects Azure PostgreSQL Flexible Servers configured with insecure TLS protocol versions (below TLS 1.2). Using outdated TLS versions can expose database communications to known security vulnerabilities and man-in-the-middle attacks.

Weakness:

016 - Insecure encryption algorithm - SSL/TLS

Category: Information Collection

Detection Strategy

• Retrieves the 'ssl_min_protocol_version' configuration from each PostgreSQL Flexible Server

• Checks if the configured minimum TLS version is less than 1.2

• Reports a vulnerability if an insecure TLS version (TLS 1.0 or TLS 1.1) is allowed

Severity v4.0

0.5

Low

Method ID

CSPM-1GELE

Technique

CSPM

Target

AZURE

Technology

DB_POSTGRESQL

CWE ID(s)

CWE-327

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.