Terraform Backend Tls10 Enabled
Description
Identifies Azure API Management services configured to allow outdated and insecure TLS/SSL protocol versions (SSL 3.0, TLS 1.0, TLS 1.1) for backend connections. Using these legacy protocols exposes the backend communications to known vulnerabilities and potential man-in-the-middle attacks.
Detection Strategy
• Locates Azure API Management resources in Terraform configurations
• Examines the security configuration block within these resources
• Checks if any of the following properties are set to 'true': enable_backend_ssl30, enable_backend_tls10, enable_backend_tls11
• Reports a vulnerability if any of these insecure protocol versions are enabled
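The following is an added example, not Fluid Attacks' own scanner code: it applies the detection steps above to the JSON that `terraform show -json` produces for a plan, rather than to raw HCL. The function names and the sample plan are constructed for illustration; the three property names come from the list above.

```python
import json

# Property names taken from the detection strategy above.
INSECURE_FLAGS = ("enable_backend_ssl30", "enable_backend_tls10", "enable_backend_tls11")


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_insecure_backends(plan):
    """Return (address, flag) pairs for each legacy backend protocol that is enabled."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "azurerm_api_management":
            continue
        # Nested blocks such as `security` are lists of objects in plan JSON.
        for block in (res.get("values") or {}).get("security") or []:
            for flag in INSECURE_FLAGS:
                if block.get(flag) is True:
                    findings.append((res["address"], flag))
    return findings


# Constructed sample in the shape of `terraform show -json` output (not real plan data).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_api_management.legacy", "type": "azurerm_api_management",
     "values": {"security": [{"enable_backend_tls10": true, "enable_backend_tls11": true}]}},
    {"address": "azurerm_api_management.hardened", "type": "azurerm_api_management",
     "values": {"security": [{"enable_backend_ssl30": false, "enable_backend_tls10": false}]}},
    {"address": "azurerm_api_management.defaults", "type": "azurerm_api_management",
     "values": {"security": []}},
    {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group", "values": {}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.gw.azurerm_api_management.inner", "type": "azurerm_api_management",
     "values": {"security": [{"enable_backend_ssl30": true}]}}
  ]}]
}}}
""")

if __name__ == "__main__":
    for address, flag in find_insecure_backends(SAMPLE_PLAN):
        print(f"{address}: {flag} = true")
```

Resources without a security block, or with every flag set to false, produce no finding; resources inside child modules are checked as well.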
Vulnerable code example
resource "azurerm_api_management" "example" {
  name = "example-apim"
  location = "westus"
  resource_group_name = "example-rg"
  publisher_name = "Company"
  publisher_email = "contact@company.com"
  sku_name = "Developer_1"
...
✅ Secure code example
resource "azurerm_api_management" "example" {
  name = "example-apim"
  location = "westus"
  resource_group_name = "example-rg"
  publisher_name = "Company"
  publisher_email = "contact@company.com"
  sku_name = "Developer_1"
...