Terraform Frontend Allows Ssl30
Description
Detects when Azure API Management services are configured to allow outdated and insecure SSL/TLS protocol versions (SSL 3.0, TLS 1.0, or TLS 1.1) on the frontend. Using deprecated protocols can expose APIs to known vulnerabilities and security exploits.
Detection Strategy
• Identifies Azure API Management resources in Terraform configurations
• Examines the 'security' block attributes: enable_frontend_ssl30, enable_frontend_tls10, and enable_frontend_tls11
• Reports a vulnerability if any of these attributes is set to 'true'
• Each enabled legacy protocol version (SSL 3.0, TLS 1.0, TLS 1.1) triggers a separate vulnerability finding
Vulnerable code example
resource "azurerm_api_management" "example" {
  name                = "example-apim"
  location            = "westus"
  resource_group_name = "example-group"
  publisher_name      = "Example Corp"
  publisher_email     = "contact@example.com"
  sku_name            = "Developer_1"
  ...
✅ Secure code example
resource "azurerm_api_management" "example" {
  name                = "example-apim"
  location            = "westus"
  resource_group_name = "example-group"
  publisher_name      = "Example Corp"
  publisher_email     = "contact@example.com"
  sku_name            = "Developer_1"
  ...
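Both snippets above are cut off before the 'security' block that the rule inspects. The following is an added example, not part of the original page: it places the three attributes named under Detection Strategy in a flagged configuration beside a corrected one. Resource names and values are constructed for illustration.

```hcl
# Added example; resource labels and values are constructed.

# Flagged: every legacy frontend protocol set to true is reported
# as its own finding, so this resource produces three findings.
resource "azurerm_api_management" "legacy_frontend" {
  name                = "example-apim-legacy"
  location            = "westus"
  resource_group_name = "example-group"
  publisher_name      = "Example Corp"
  publisher_email     = "contact@example.com"
  sku_name            = "Developer_1"

  security {
    enable_frontend_ssl30 = true # finding: SSL 3.0 accepted on the frontend
    enable_frontend_tls10 = true # finding: TLS 1.0 accepted on the frontend
    enable_frontend_tls11 = true # finding: TLS 1.1 accepted on the frontend
  }
}

# Not flagged: none of the three attributes is set to true.
# They are written out as false so the intent is visible in code review.
resource "azurerm_api_management" "hardened_frontend" {
  name                = "example-apim-hardened"
  location            = "westus"
  resource_group_name = "example-group"
  publisher_name      = "Example Corp"
  publisher_email     = "contact@example.com"
  sku_name            = "Developer_1"

  security {
    enable_frontend_ssl30 = false
    enable_frontend_tls10 = false
    enable_frontend_tls11 = false
  }
}
```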