Terraform Insecure TLS Version
Description
Detects Azure Redis Cache resources (azurerm_redis_cache) in Terraform configurations whose minimum_tls_version is set to an outdated version (1.0 or 1.1) or is not set at all. TLS 1.0 and 1.1 are deprecated protocol versions with known weaknesses, so allowing them lets a client negotiate a downgraded connection that is easier to intercept or tamper with (man-in-the-middle). Omitting the attribute leaves the minimum to the provider or service default instead of pinning it explicitly in code.
Detection Strategy
• Identifies Azure Redis Cache resources in Terraform configurations (azurerm_redis_cache)
• Reports a vulnerability if the 'minimum_tls_version' attribute is missing in the resource configuration
• Reports a vulnerability if 'minimum_tls_version' is set to either '1.0' or '1.1'
• Recommends using TLS 1.2 or higher for secure communication with Azure Redis Cache instances
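The three rules above, implemented as a small stand-alone checker. This is an added example written for this page, not the scanner's own code: it walks braces and uses regular expressions instead of a full HCL parser, so it assumes the block layout shown on the page (one attribute per line, double-quoted resource labels). The sample configuration embedded at the bottom is constructed for the example; the resource names and the var.redis_tls_version reference in it are hypothetical.

```python
"""Minimal detector for the azurerm_redis_cache minimum_tls_version rules.
Illustrative code for this page, not the scanner's implementation."""
import re
from typing import List, NamedTuple

WEAK_TLS_VERSIONS = {"1.0", "1.1"}

# Header of an azurerm_redis_cache resource block; group 1 is the resource name.
RESOURCE_RE = re.compile(r'resource\s+"azurerm_redis_cache"\s+"([^"]+)"\s*\{')
# The attribute line; group 1 is everything after '=' on that line.
ATTR_RE = re.compile(r"^\s*minimum_tls_version\s*=\s*(\S[^\n]*)", re.MULTILINE)
# Quoted strings (group 1 unset, kept) or '#' comments (group 1 set, dropped).
COMMENT_RE = re.compile(r'"[^"\n]*"|(#[^\n]*)')


class Finding(NamedTuple):
    resource: str  # second label of the resource block
    line: int      # 1-based line of the resource header in the input
    reason: str


def strip_comments(hcl: str) -> str:
    """Drop '#' comments but keep quoted strings and every newline, so braces
    inside comments do not confuse the walker and line numbers stay valid."""
    return COMMENT_RE.sub(lambda m: "" if m.group(1) is not None else m.group(0), hcl)


def block_body(text: str, open_brace: int) -> str:
    """Return the text between the '{' at open_brace and its matching '}'."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces in resource block")


def find_insecure_redis_tls(hcl: str) -> List[Finding]:
    """Apply the detection strategy to every azurerm_redis_cache resource."""
    text = strip_comments(hcl)
    findings: List[Finding] = []
    for header in RESOURCE_RE.finditer(text):
        name = header.group(1)
        line = text.count("\n", 0, header.start()) + 1
        body = block_body(text, header.end() - 1)
        attr = ATTR_RE.search(body)
        if attr is None:
            findings.append(Finding(name, line, "minimum_tls_version is not set"))
            continue
        value = attr.group(1).strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            if value[1:-1] in WEAK_TLS_VERSIONS:
                findings.append(Finding(name, line, f"minimum_tls_version = {value}"))
        else:
            # var.*, local.*, module outputs: not resolvable from this file alone.
            findings.append(Finding(name, line,
                f"minimum_tls_version = {value} (not a literal, review manually)"))
    return findings


# Constructed sample input for this example; not a real deployment.
SAMPLE_HCL = """\
# Constructed sample: resource names and var.redis_tls_version are hypothetical.
resource "azurerm_redis_cache" "vulnerable" {
  name                = "redis-example"
  minimum_tls_version = "1.0" # braces in comments { } must not confuse the walker
}

resource "azurerm_redis_cache" "unset" {
  name = "redis-example-2"
}

resource "azurerm_storage_account" "ignored" {
  name            = "stexample"
  min_tls_version = "TLS1_0" # different resource type, outside this check
}

resource "azurerm_redis_cache" "from_var" {
  name                = "redis-example-3"
  minimum_tls_version = var.redis_tls_version
}

resource "azurerm_redis_cache" "secure" {
  name                = "redis-example-4"
  minimum_tls_version = "1.2"
}
"""


def main() -> None:
    for f in find_insecure_redis_tls(SAMPLE_HCL):
        print(f"line {f.line}: azurerm_redis_cache.{f.resource}: {f.reason}")


if __name__ == "__main__":
    main()
```

Running it reports the "vulnerable" resource (TLS 1.0), the "unset" resource (attribute missing) and the "from_var" resource, which is flagged for manual review rather than silently passed: a literal-only check cannot tell whether a variable's default is "1.0" or "1.2", so a value that comes from a variable, local or module output needs the definition checked as well. The "secure" resource and the storage account produce nothing.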
Vulnerable code example
resource "azurerm_redis_cache" "vulnerable" {
  name                = "redis-example"
  location            = "eastus"
  resource_group_name = "example-group"
  capacity            = 1
  family              = "C"
  sku_name            = "Basic"
  minimum_tls_version = "1.0" # Vulnerable: uses outdated TLS 1.0 instead of 1.2
}
✅ Secure code example
resource "azurerm_redis_cache" "secure" {
  name                = "redis-example"
  location            = "eastus"
  resource_group_name = "example-group"
  capacity            = 1
  family              = "C"
  sku_name            = "Basic"
  minimum_tls_version = "1.2" # Required: TLS 1.2 as the minimum version
}