Fluid Attacks Database

Description

Identifies Azure Network Security Groups (NSGs) that allow unrestricted RDP access (port 3389) from any source IP address. This misconfiguration exposes Virtual Machines to potential unauthorized access and brute force attacks through the Remote Desktop Protocol.

Weakness:

157 - Unrestricted access between network segments

Category: Access Subversion

Detection Strategy

• Examines each Network Security Group's security rules for inbound traffic configurations

• Reports a vulnerability when a rule allows TCP or any (*) protocol traffic on port 3389

• Specifically flags rules where source address is unrestricted (like '0.0.0.0/0', '*', 'Internet', or '/0')

• Evaluates both individual source address prefixes and source address prefix lists in the rules

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.