Database

Azure Flexible Server SSL Disabled

Description

Identifies Azure PostgreSQL Flexible Servers that have SSL/TLS encryption disabled for client connections. When SSL enforcement is disabled, database connections can be established without encryption, potentially exposing sensitive data in transit to network-based attacks.

Weakness:

016 - Insecure encryption algorithm - SSL/TLS

Category: Information Collection

Detection Strategy

    Examines the 'require_secure_transport' configuration setting for each PostgreSQL Flexible Server

    Reports a vulnerability if the 'require_secure_transport' setting is set to 'off'

    The server must enforce encrypted connections by setting 'require_secure_transport' to 'on'
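
The check described above, sketched as an added example (not the scanner's own code). It assumes each server's setting has already been fetched as a record with `name` and `properties.value`, the shape of the Azure configurations API; the server names and sample records are constructed. Unlike the rule as stated, it also flags servers whose setting could not be read rather than treating them as passing.

```python
import json

# Constructed sample input: one record per server. The "configuration" object
# mirrors the assumed API shape (name + properties.value).
SAMPLE = json.loads("""
[
  {"server": "pg-orders-prod", "configuration":
    {"name": "require_secure_transport", "properties": {"value": "on"}}},
  {"server": "pg-reports-dev", "configuration":
    {"name": "require_secure_transport", "properties": {"value": "OFF"}}},
  {"server": "pg-legacy", "configuration": null}
]
""")

SETTING = "require_secure_transport"


def evaluate(record):
    """Return (server, status, detail) for one server's configuration record."""
    server = record.get("server", "<unknown>")
    config = record.get("configuration") or {}
    if config.get("name") != SETTING:
        # Setting could not be read: surface it instead of silently passing.
        return server, "UNKNOWN", f"{SETTING} not present in input"
    props = config.get("properties") or {}
    value = str(props.get("value", "")).strip().lower()
    if value == "off":
        return server, "VULNERABLE", f"{SETTING}=off, unencrypted connections accepted"
    if value == "on":
        return server, "OK", f"{SETTING}=on"
    return server, "UNKNOWN", f"unexpected value {value!r}"


def scan(records):
    """Evaluate every record and return only the servers that need attention."""
    return [r for r in map(evaluate, records) if r[1] != "OK"]


if __name__ == "__main__":
    for server, status, detail in scan(SAMPLE):
        print(f"{status:10} {server}: {detail}")
```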

Severity v4.0

0.5

Low

Method ID

CSPM-EXSLQ

Technique

CSPM

Target

AZURE

Technology

DB_POSTGRESQL

CWE ID(s)

CWE-327