Azure Backend Insecure Tls
Description
This detector checks Azure API Management services for backend endpoints configured to allow insecure legacy TLS protocol versions (TLS 1.0 and TLS 1.1). Using outdated TLS versions exposes backend communications to known security vulnerabilities and man-in-the-middle attacks.
Detection Strategy
• Scans Azure API Management service custom properties for TLS version configurations
• Reports a vulnerability if TLS 1.0 is enabled via the property 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10' being set to 'True'
• Reports a vulnerability if TLS 1.1 is enabled via the property 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11' being set to 'True'
Severity v4.0
0.6
Low
Method ID
CSPM-ENREE
Technique
CSPM
Target
AZURE
Technology
API_MANAGEMENT
CWE ID(s)
CWE-327Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.