Terraform Redis Authentication Disabled
Description
Detects Azure Redis Cache resources configured with authentication disabled, which allows unauthorized access to the cache. This creates a critical security vulnerability where anyone who can reach the Redis endpoint could read or modify sensitive data stored in the cache.
Detection Strategy
• Look for 'azurerm_redis_cache' resource declarations in Terraform configurations
• Check if the resource has a 'redis_configuration' block defined
• Within redis_configuration, verify if 'authentication_enabled' is explicitly set to 'false'
• Report a vulnerability if authentication is disabled since this allows unauthenticated access
Vulnerable code example
resource "azurerm_redis_cache" "example" {
name = "redis-cache"
location = "eastus"
resource_group_name = "my-resource-group"
sku_name = "Standard"
redis_configuration {
authentication_enabled = false # Security risk: Redis instance without authentication enabled
}...✅ Secure code example
resource "azurerm_redis_cache" "example" {
name = "redis-cache"
location = "eastus"
resource_group_name = "my-resource-group"
sku_name = "Standard"
capacity = 2 # Required: Specify cache capacity
family = "C" # Required: Specify cache family
minimum_tls_version = "1.2" # Enable minimum TLS 1.2 for secure communication...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.