Terraform MySQL SSL Enforcement Disabled
Description
Identifies Azure MySQL servers configured with SSL/TLS encryption disabled. When SSL enforcement is disabled, clients may connect to the database without encryption, exposing credentials and query data to interception (man-in-the-middle) attacks on the network.
Detection Strategy
• Look for Terraform resources of type 'azurerm_mysql_server'
• Check if the resource has 'ssl_enforcement_enabled' attribute set to 'false'
• Report a vulnerability if SSL enforcement is explicitly disabled for any MySQL server
Vulnerable code example
resource "azurerm_mysql_server" "example" {
  name                = "mysql-server"
  location            = "eastus"
  resource_group_name = "example-rg"
  sku_name            = "B_Gen5_1"
  version             = "5.7"
  # Security vulnerability: Disabled SSL enforcement exposes database traffic to MITM attacks...
  ssl_enforcement_enabled = false
}
✅ Secure code example
resource "azurerm_mysql_server" "example" {
  name                = "mysql-server"
  location            = "eastus"
  resource_group_name = "example-rg"
  sku_name            = "B_Gen5_1"
  version             = "5.7"
  # Enable SSL enforcement to protect data in transit from MITM attacks...
  ssl_enforcement_enabled = true
}
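The detection strategy above, implemented as a small standalone scanner. This is an added example, not Fluid Attacks' own checker: it locates every azurerm_mysql_server resource by brace counting, strips line comments, and reports only resources that explicitly set ssl_enforcement_enabled = false. The sample configuration and resource names are constructed for the example.

```python
import re

# Constructed sample (not from the original page): one server with SSL enforcement
# explicitly disabled, one hardened; the nested tags map exercises brace counting.
SAMPLE_TF = '''
resource "azurerm_mysql_server" "legacy" {
  name                    = "mysql-legacy"
  sku_name                = "B_Gen5_1"
  ssl_enforcement_enabled = false   # plaintext client connections accepted
  tags = { env = "dev" }
}

resource "azurerm_mysql_server" "hardened" {
  name                    = "mysql-hardened"
  sku_name                = "B_Gen5_1"
  ssl_enforcement_enabled = true
}
'''

RESOURCE_RE = re.compile(r'resource\s+"azurerm_mysql_server"\s+"([^"]+)"\s*\{')
ATTR_RE = re.compile(r'^\s*ssl_enforcement_enabled\s*=\s*(true|false)\b')

def strip_comment(line):
    """Drop '#' and '//' line comments (assumes neither token appears inside a string)."""
    return re.split(r"#|//", line, maxsplit=1)[0]

def resource_blocks(hcl):
    """Yield (name, [(line_no, text), ...]) for each azurerm_mysql_server body."""
    lines = [strip_comment(raw) for raw in hcl.splitlines()]
    i = 0
    while i < len(lines):
        m = RESOURCE_RE.search(lines[i])
        if m:
            depth, body, j = 1, [], i + 1
            while j < len(lines) and depth > 0:  # survives nested maps and blocks
                depth += lines[j].count("{") - lines[j].count("}")
                body.append((j + 1, lines[j]))   # 1-based line numbers for the report
                j += 1
            yield m.group(1), body
            i = j
        else:
            i += 1

def find_ssl_disabled(hcl):
    """Report resources that set ssl_enforcement_enabled = false; omission is not reported."""
    findings = []
    for name, body in resource_blocks(hcl):
        for line_no, text in body:
            m = ATTR_RE.match(text)
            if m and m.group(1) == "false":
                findings.append({"resource": name, "line": line_no})
    return findings
```

Running find_ssl_disabled(SAMPLE_TF) yields one finding for the "legacy" server at line 5 of the sample; the "hardened" server is not reported.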