Json Tls Minimum Api
Description
Detects potentially insecure TLS protocol settings in Azure API Management Services. This vulnerability occurs when API Management instances are configured to allow legacy/insecure TLS protocols, which could expose the API endpoints to downgrade attacks and weaker cryptographic standards.
Detection Strategy
• Search for Azure ARM template resources of type 'Microsoft.ApiManagement/service'
• Examine the customProperties section of the API Management service configuration
• Check whether any TLS protocol setting is explicitly enabled with a 'true' value
• Flag configurations where legacy TLS protocols are allowed as vulnerable
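The four steps above can be sketched as a small checker. This is an added example, not Fluid Attacks' rule code. The page does not say which customProperties keys its rule inspects, so the set used here (API Management's SSL 3.0, TLS 1.0 and TLS 1.1 switches for the gateway and backend sides) is an assumption, as are the function names and the sample template.

```python
import json

# API Management customProperties keys that switch legacy protocols on,
# for the client-facing gateway and for gateway-to-backend traffic.
# Assumption: the page does not list the keys its rule actually checks.
PREFIX = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security."
LEGACY_KEYS = {
    (PREFIX + side + "Protocols." + proto).lower()
    for side in ("", "Backend.")
    for proto in ("Ssl30", "Tls10", "Tls11")
}

def iter_resources(resources):
    """Yield every resource, including nested child resources."""
    for res in resources or []:
        if isinstance(res, dict):
            yield res
            yield from iter_resources(res.get("resources"))

def find_legacy_tls(template_text):
    """Return (service name, property key) for each legacy protocol set to true."""
    template = json.loads(template_text)
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != "microsoft.apimanagement/service":
            continue
        custom = (res.get("properties") or {}).get("customProperties") or {}
        for key, value in custom.items():
            # Values are normally strings ("True"/"False"); accept booleans too.
            enabled = str(value).strip().lower() == "true"
            if key.lower() in LEGACY_KEYS and enabled:
                findings.append((res.get("name"), key))
    return findings

# Constructed sample template (not the page's truncated example).
SAMPLE = json.dumps({
    "resources": [{
        "type": "Microsoft.ApiManagement/service",
        "name": "api-service",
        "properties": {"customProperties": {
            PREFIX + "Protocols.Tls10": "true",
            PREFIX + "Protocols.Tls11": "False",
            PREFIX + "Backend.Protocols.Ssl30": True,
        }},
    }]
})

if __name__ == "__main__":
    for name, key in find_legacy_tls(SAMPLE):
        print(f"{name}: {key} is enabled")
```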
Vulnerable code example
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.ApiManagement/service",
"apiVersion": "2021-08-01",
"name": "api-service",...
Secure code example
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.ApiManagement/service",
"apiVersion": "2021-08-01",
"name": "api-service",...