Azure Frontend Insecure TLS
Description
Detects Azure API Management services that allow insecure TLS protocol versions (1.0 or 1.1) in their frontend configurations. These legacy TLS versions contain known security vulnerabilities and their usage could expose APIs to man-in-the-middle attacks and other security risks.
Detection Strategy
• Checks the custom properties of each Azure API Management service for TLS 1.0 and 1.1 settings
• Reports a vulnerability if 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10' is set to 'True'
• Reports a vulnerability if 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11' is set to 'True'
• Each detected insecure TLS version generates a separate vulnerability report with the specific version identified
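The checks listed above can be expressed as a short script. This is an added example, not Fluid Attacks' own implementation; it assumes each service is a dict with its custom properties either at the top level under `customProperties` or nested under `properties.customProperties`, and the service names and sample data are constructed.

```python
# Added example: evaluates API Management custom properties for frontend TLS 1.0/1.1.
PREFIX = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols."
# Property keys from the detection strategy, mapped to the protocol they enable.
INSECURE_FRONTEND_KEYS = {PREFIX + "Tls10": "TLS 1.0", PREFIX + "Tls11": "TLS 1.1"}


def _is_enabled(value):
    # Values are usually the strings "True"/"False"; tolerate booleans and casing.
    return value is True or str(value).strip().lower() == "true"


def find_insecure_frontend_tls(services):
    """Return one finding per (service, insecure TLS version) pair."""
    findings = []
    for svc in services:
        # Assumed input shapes: flattened (top level) or nested under "properties".
        props = svc.get("customProperties")
        if props is None:
            props = (svc.get("properties") or {}).get("customProperties")
        props = props or {}  # a service with no custom properties yields no findings
        for key, protocol in INSECURE_FRONTEND_KEYS.items():
            if _is_enabled(props.get(key)):
                findings.append({"service": svc.get("name", "<unnamed>"),
                                 "protocol": protocol, "property": key})
    return findings


# Constructed sample data; names and values are illustrative only.
SAMPLE_SERVICES = [
    {"name": "apim-legacy",
     "customProperties": {PREFIX + "Tls10": "True", PREFIX + "Tls11": "true"}},
    {"name": "apim-hardened",
     "properties": {"customProperties": {PREFIX + "Tls10": "False",
                                         PREFIX + "Tls11": "False"}}},
    # Backend-side key: not a frontend setting, so this rule does not flag it.
    {"name": "apim-backend-only",
     "customProperties": {
         "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10": "True"}},
    {"name": "apim-no-props"},
]

if __name__ == "__main__":
    for f in find_insecure_frontend_tls(SAMPLE_SERVICES):
        print(f"{f['service']}: frontend allows {f['protocol']} ({f['property']})")
```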