Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The MySQL server is configured to allow public network access, meaning anyone on the internet can attempt to connect. This exposes the database to unauthorized access and increases the risk of attacks.

Impact

If public access is enabled, attackers could discover and attempt to exploit your MySQL server, leading to potential data breaches, data loss, or unauthorized data manipulation. This can compromise sensitive information and disrupt business operations.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

Blob storage containers in Azure are configured without explicitly setting their access level to ‘private’, which may leave them open to public access. This means anyone on the internet could potentially read or list blobs stored in the container.

Impact

If exploited, sensitive data stored in the affected blob containers could be exposed to unauthorized users or the public. Attackers could access, download, or enumerate files, leading to data leaks, privacy breaches, and potential regulatory violations.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure Function App is deployed without authentication enabled, allowing anyone to access its endpoints without verifying their identity. This leaves your application open to unauthorized access.

Impact

Without authentication, attackers or unauthorized users could invoke your function app’s APIs, potentially exposing sensitive data, triggering unintended operations, or increasing the risk of abuse. This lack of access control can lead to data leaks, service misuse, or security breaches.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Cosmos DB account is not configured to restrict access, allowing connections from any network. Missing settings like public network access restrictions or virtual network/IP filtering make the database accessible from the public internet.

Impact

If exploited, attackers could connect to the Cosmos DB instance from anywhere, potentially leading to unauthorized access, data breaches, or manipulation of sensitive information. This exposure increases the risk of data theft or service disruption.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The storage account is configured to allow public access to blobs, which means anyone on the internet can read data without authentication. This setting exposes sensitive files and data to unauthorized users.

Impact

If exploited, attackers or unauthorized individuals could access, download, or leak confidential data stored in the Azure Storage Account. This could lead to data breaches, compliance violations, and damage to the organization’s reputation.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure Container Group resource is not configured to use a virtual network. This means containers are deployed without network isolation, exposing them directly to the public internet.

Impact

Without a virtual network, containers are vulnerable to unauthorized network access, increasing the risk of attacks such as data exfiltration or service disruption. Attackers could exploit this to access sensitive resources or compromise workloads within your Azure environment.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

Defining custom Azure subscription roles with full permissions (using ‘actions = ["*"]’) grants unrestricted access to all resources. This effectively creates a new owner role, which can bypass intended access controls.

Impact

If exploited, users assigned to these custom roles can perform any action within the subscription, including modifying or deleting resources, changing configurations, and accessing sensitive data. This increases the risk of accidental or malicious changes, leading to potential data loss, service outages, or security breaches.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The virtual machine scale set is configured to allow password authentication, which makes brute-force and stolen-credential attacks easier. Disabling password authentication and requiring SSH keys improves security because keys are far stronger and cannot be guessed like passwords.

Impact

If password authentication is enabled, attackers may gain unauthorized access by guessing or obtaining weak, reused, or compromised passwords. This can lead to full control over the virtual machines, data breaches, or disruption of services within your Azure environment.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The SQL database firewall is configured to allow connections from any IP address (0.0.0.0/0), exposing the database to the entire internet. This removes any network-level restriction on who can access the database instance.

Impact

If exploited, anyone on the internet could attempt to connect to your database, increasing the risk of unauthorized data access, brute-force attacks, or compromise of sensitive information. This could lead to data breaches, service disruption, or further attacks against your environment.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure Cognitive Search service is configured to allow public network access, making it accessible from the internet. This can expose sensitive data and operations to unauthorized users.

Impact

If public access is enabled, attackers could connect to the search service from anywhere, potentially leading to data leaks, manipulation of search indexes, or unauthorized access to sensitive information. This increases the risk of breaches and non-compliance with security standards.