Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure File Sync resource is configured to allow public network access, meaning it can be reached from any internet location. This lacks proper access controls and exposes your storage to unauthorized users.

Impact

If exploited, attackers could access, modify, or delete files stored in Azure File Sync from outside your trusted network. This could lead to data breaches, data loss, or compliance violations.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure IoT Hub resource is configured to allow public network access, making it reachable from the internet. This exposure increases the risk of unauthorized access to your IoT Hub.

Impact

If public network access is enabled, attackers could attempt to connect to your IoT Hub from anywhere, potentially leading to data leaks, device manipulation, or disruption of IoT services. Restricting access helps protect sensitive IoT devices and data from external threats.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure Cache for Redis resource is configured with public network access enabled, allowing anyone on the internet to reach the cache instance. This exposes sensitive data and services to unauthorized users.

Impact

If public network access is not disabled, attackers could connect to the Redis cache from outside the organization, potentially leading to data leaks, tampering, or disruption of application services. This increases the risk of unauthorized access and breaches.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The PostgreSQL server is configured with public network access enabled, allowing anyone on the internet to attempt to connect. This setting exposes the database to unauthorized access and increases the risk of attacks.

Impact

If exploited, attackers could connect to the database from anywhere, potentially leading to data breaches, unauthorized data manipulation, or service disruption. This exposure can compromise sensitive information and undermine the security of your cloud environment.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure Data Factory resource is not configured to use a Git repository for source control. This means changes to data factory pipelines and resources are not tracked or versioned.

Impact

Without source control, unauthorized or accidental changes can go undetected, increasing the risk of misconfigurations or data leaks. Attackers or insiders could alter pipelines without an audit trail, making it harder to recover or investigate incidents.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Cosmos DB account configuration allows access key write operations by not explicitly disabling ‘access_key_metadata_writes_enabled’. This increases the risk of unauthorized key changes or exposure.

Impact

If exploited, attackers could modify or rotate database access keys, potentially gaining unauthorized access or disrupting services. This can lead to data breaches, loss of control over database access, and compromise of sensitive information.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure Event Grid Domain resource is configured to allow public network access, which means it can be reached from anywhere on the internet. This increases the risk of unauthorized access to event data and management operations.

Impact

If public network access is enabled, attackers could potentially connect to the Event Grid Domain from outside the organization’s network, leading to data exposure, unauthorized event publishing or subscription, and compromise of event-driven workflows within your Azure environment.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Cognitive Services account in Azure is configured to allow public network access, which means anyone on the internet could potentially reach the service. This setting exposes sensitive resources to unauthorized users.

Impact

If public network access is enabled, attackers could attempt to connect to and exploit the Cognitive Services account from outside your organization, leading to data leakage, unauthorized use of APIs, or abuse of resources. This increases the risk of breaches and service misuse.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure Cosmos DB resource is configured to allow public network access, which means it can be reached from any internet location. This increases the risk that unauthorized users could access your database.

Impact

If public network access is enabled, attackers may be able to connect to the database from outside your trusted network, potentially leading to data exposure, unauthorized data manipulation, or service disruption. This could compromise sensitive information and impact application integrity.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The virtual machine resource allows extensions to be installed by default, which could enable unauthorized or unmonitored code to run on the VM. Not setting ‘allow_extension_operations = false’ leaves the VM open to potential misuse.

Impact

If exploited, attackers or unauthorized users could install malicious extensions, leading to data breaches, privilege escalation, or compromise of the virtual machine. This can result in loss of control over the VM, exposure of sensitive information, and increased risk of further attacks across the environment.