Azure Keys Expiration Not Enabled
Description
Identifies Azure Key Vault keys that are enabled but do not have an expiration date set. Keys without expiration dates pose a security risk as they remain valid indefinitely, violating the principle of key rotation and potentially exposing systems to cryptographic vulnerabilities if compromised.
Detection Strategy
• Check if any Azure Key Vault keys are currently enabled and active
• Verify if the key attributes contain an 'expires' property
• Report a vulnerability for each enabled key that lacks an expiration date configuration
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.