Azure Dev Portal Auth Inactive
Description
Detects when an Azure API Management developer portal has authentication requirements disabled. This security misconfiguration allows anonymous access to the developer portal, potentially exposing sensitive API documentation and testing interfaces to unauthorized users.
Detection Strategy
• Examines the authentication configuration of Azure API Management developer portals
• Reports a vulnerability when the 'require' setting under signin configuration is set to false
• Checks the portal configuration value at path /value/0/signin/require
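The check described above, as an added example (not Fluid Attacks' own code): it assumes the portal configuration has been exported to JSON in the shape implied by the path /value/0/signin/require, and it goes slightly beyond the rule by scanning every entry under value rather than only index 0. The function name and sample documents are hypothetical and constructed for illustration.

```python
import json

# Constructed sample documents, shaped after the path the rule names
# (/value/0/signin/require). Not real tenant data.
SAMPLE_DOC = json.loads("""
{
  "value": [
    {"name": "default", "signin": {"require": false}},
    {"name": "staging", "signin": {"require": true}},
    {"name": "legacy",  "signup": {"enabled": false}},
    {"name": "sandbox", "signin": {"require": false}}
  ]
}
""")


def find_unauthenticated_portals(doc):
    """Return the JSON paths of every portal config entry whose
    signin.require is explicitly false (anonymous access allowed).

    Entries with no signin block or no 'require' key are skipped, because
    the rule on this page only reports an explicit false value.
    """
    findings = []
    entries = doc.get("value") if isinstance(doc, dict) else None
    if not isinstance(entries, list):
        return findings  # malformed or empty export: nothing to evaluate
    for idx, entry in enumerate(entries):
        signin = entry.get("signin") if isinstance(entry, dict) else None
        if not isinstance(signin, dict):
            continue
        # 'is False' matches only the JSON boolean false, not 0, "" or null.
        if signin.get("require") is False:
            findings.append(f"/value/{idx}/signin/require")
    return findings


if __name__ == "__main__":
    for path in find_unauthenticated_portals(SAMPLE_DOC):
        print(f"FAIL: {path} is false (developer portal allows anonymous access)")
```
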