Fluid Attacks Database

Azure Db Mysql Ssl Disabled

Description

Identifies Azure MySQL databases that have SSL/TLS encryption disabled for client connections. When SSL is not enforced, database traffic between clients and the server can be transmitted unencrypted, making it vulnerable to man-in-the-middle attacks and data exposure.

Weakness:

016 - Insecure encryption algorithm - SSL/TLS

Category: Information Collection

Detection Strategy

• Checks the 'require_secure_transport' configuration parameter for each Azure MySQL database

• Reports a vulnerability if this setting is explicitly set to 'OFF'

• Ensures that all database connections require SSL/TLS encryption for secure data transmission

Severity v4.0

0.6

Low

Method ID

CSPM-DFDLS

Technique

CSPM

Target

AZURE

Technology

MYSQL

CWE ID(s)

CWE-327

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.