Azure RBAC Not Enabled
Description
Identifies Azure Key Vaults that are not configured to use Role-Based Access Control (RBAC) for access management. Without RBAC enabled, the Key Vault relies solely on vault access policies, which can make access management more complex and potentially less secure, especially in large environments.
Detection Strategy
• Scans all Key Vaults in the Azure subscription
• Checks if the 'enable_rbac_authorization' property exists in the vault properties
• Reports a vulnerability if 'enable_rbac_authorization' is set to false or disabled
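The three steps above, as an added Python example that is not Fluid Attacks' own scanner code. It runs over constructed vault records rather than a live subscription; the record layout, the `flag_missing` option and the handling of string values are assumptions of this example.

```python
from dataclasses import dataclass

PROP = "enable_rbac_authorization"  # property name as given on this page

# Constructed sample records (placeholder names, not real resources).
SAMPLE_VAULTS = [
    {"name": "kv-rbac", "properties": {PROP: True}},
    {"name": "kv-policies", "properties": {PROP: False}},
    {"name": "kv-legacy", "properties": {"sku": "standard"}},  # property absent
    {"name": "kv-template", "properties": {PROP: "false"}},    # string from a parsed template
]


@dataclass(frozen=True)
class Finding:
    vault: str
    state: str  # "disabled" or "missing"


def rbac_state(properties):
    """Classify one vault's properties as 'enabled', 'disabled' or 'missing'."""
    if not isinstance(properties, dict) or properties.get(PROP) is None:
        return "missing"
    value = properties[PROP]
    if isinstance(value, str):
        # Fail closed: only an explicit true/enabled string counts as enabled.
        return "enabled" if value.strip().lower() in {"true", "enabled"} else "disabled"
    return "enabled" if value is True else "disabled"


def scan(vaults, flag_missing=True):
    """Return a Finding for every vault whose RBAC authorization is not enabled.

    flag_missing is an assumption of this example: a vault without the
    property is reported too, so that an unknown state is not read as safe.
    """
    findings = []
    for vault in vaults:
        state = rbac_state(vault.get("properties"))
        if state == "disabled" or (state == "missing" and flag_missing):
            findings.append(Finding(vault.get("name", "<unnamed>"), state))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_VAULTS):
        print(f"{f.vault}: RBAC authorization {f.state}")
```

Passing `flag_missing=False` limits the report to vaults where the property is explicitly false or disabled, which is the narrower condition stated in the last step.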