Azure Search Public Network Access Enabled

Description

Identifies Azure Search Services configured with public network access enabled but no IP address restrictions. This configuration allows unrestricted internet access to the search service, potentially exposing sensitive data and functionality to unauthorized users.

Weakness:

446 - Insecure service configuration - Azure

Category: Functionality Abuse

Detection Strategy

• Search service has public network access set to 'Enabled'

• No IP rules are configured in the network rule set

• The combination of enabled public access and empty IP rules list indicates unrestricted public access

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.