Azure Triple Des Cipher Algorithm
Description
Detects Azure API Management services configured to use the Triple DES (3DES) cipher algorithm, which is considered cryptographically weak and vulnerable to attacks. Using Triple DES in API Management services can expose API communications to potential security risks and does not meet modern encryption standards.
Detection Strategy
• Scans Azure API Management services in the subscription
• Checks if the custom property 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168' is set to 'true'
• Reports a vulnerability when an API Management service explicitly enables the Triple DES cipher algorithm
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.