Terraform Non Ssl Port Enabled True
Description
Detects Azure Redis Cache configurations that explicitly disable SSL port requirements. When non-SSL ports are enabled, it allows unencrypted communications to the Redis cache instance, potentially exposing sensitive data to network eavesdropping and man-in-the-middle attacks.
Detection Strategy
• Look for Azure Redis Cache resource definitions in Terraform configuration files
• Check if the 'non_ssl_port_enabled' attribute is explicitly set to false
• Report a vulnerability if SSL enforcement is disabled, as this allows insecure connections to the Redis instance
• Configuration is considered secure by default if 'non_ssl_port_enabled' is not specified or set to true
Vulnerable code example
resource "azurerm_redis_cache" "example" {
name = "demo-redis-cache"
location = "eastus"
resource_group_name = "demo-rg"
sku_name = "Premium"
family = "P"
capacity = 1
non_ssl_port_enabled = true # Vulnerable: Enables non-SSL port which is insecure...✅ Secure code example
resource "azurerm_redis_cache" "example" {
name = "demo-redis-cache"
location = "eastus"
resource_group_name = "demo-rg"
sku_name = "Premium"
family = "P"
capacity = 1
non_ssl_port_enabled = false # Secure: Disable non-SSL port to enforce encrypted connections...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.