Azure Mutual TLS Disabled
Description
Detects Azure App Services that do not have mutual TLS (client certificate authentication) enabled. When mutual TLS is disabled, the web app cannot validate client certificates, potentially allowing unauthorized clients to connect and increasing the risk of unauthorized access.
Detection Strategy
• Scans all Azure App Services in the subscription
• Checks if the 'client_cert_enabled' setting is set to false or not configured
• Reports a vulnerability for each App Service that does not have client certificate authentication enabled
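The check described above, written as an added example (not the scanner's own code) that runs over an exported App Service inventory. The sample inventory, the placeholder IDs, the nested "properties" layout and the camelCase spelling "clientCertEnabled" are assumptions; only 'client_cert_enabled' comes from this page.

```python
import json

# Constructed sample inventory (placeholder IDs, not real resources). It mixes
# the setting name used on this page with a camelCase spelling (assumed).
SAMPLE_APPS = json.loads("""[
  {"id": "/subscriptions/SUB-PLACEHOLDER/sites/app-a", "name": "app-a", "clientCertEnabled": true},
  {"id": "/subscriptions/SUB-PLACEHOLDER/sites/app-b", "name": "app-b", "client_cert_enabled": false},
  {"id": "/subscriptions/SUB-PLACEHOLDER/sites/app-c", "name": "app-c"},
  {"id": "/subscriptions/SUB-PLACEHOLDER/sites/app-d", "name": "app-d",
   "properties": {"clientCertEnabled": "False"}},
  {"id": "/subscriptions/SUB-PLACEHOLDER/sites/app-e", "name": "app-e", "client_cert_enabled": null}
]""")

SETTING_KEYS = ("client_cert_enabled", "clientCertEnabled")


def as_bool(value):
    """Normalise a setting value; anything not clearly true counts as disabled."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def client_cert_state(app):
    """Return 'enabled', 'disabled' or 'not_configured' for one resource dict."""
    # Look at the top level first, then at a nested "properties" object.
    for scope in (app, app.get("properties") or {}):
        for key in SETTING_KEYS:
            if scope.get(key) is not None:  # a null value counts as not configured
                return "enabled" if as_bool(scope[key]) else "disabled"
    return "not_configured"


def find_mtls_disabled(apps):
    """Report every App Service whose client certificate setting is off or absent."""
    findings = []
    for app in apps:
        state = client_cert_state(app)
        if state != "enabled":
            findings.append({"id": app.get("id", "<unknown>"),
                             "name": app.get("name", "<unknown>"),
                             "reason": state})
    return findings


if __name__ == "__main__":
    for finding in find_mtls_disabled(SAMPLE_APPS):
        print(f"{finding['name']}: client certificates {finding['reason']} ({finding['id']})")
```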
Severity v4.0
1.7
Low
Method ID
CSPM-DSTAC
Technique
CSPM
Target
AZURE
Technology
APP_SERVICE
CWE ID(s)
CWE-1188