Azure Mutual Tls Disabled

Description

Detects Azure App Services that do not have mutual TLS (client certificate authentication) enabled. When mutual TLS is disabled, the web app cannot validate client certificates, potentially allowing unauthorized clients to connect and increasing the risk of unauthorized access.

Weakness:

446 - Insecure service configuration - Azure

Category: Functionality Abuse

Detection Strategy

• Scans all Azure App Services in the subscription

• Checks if the 'client_cert_enabled' setting is set to false or not configured

• Reports a vulnerability for each App Service that does not have client certificate authentication enabled

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.