Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure Data Factory resource is configured with public network access enabled (the provider default), so its endpoints accept connections from any internet address. Requests still have to authenticate, but the service's authentication surface is reachable by anyone, which increases the risk of credential-based and other external attacks.

Impact

If public network access is not disabled, attackers could attempt to access, manipulate, or exfiltrate data from your Data Factory instance over the internet. This could lead to data breaches, unauthorized data processing, or compromise of sensitive workflows.
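The Terraform below is an added example, not code from this rule page or from the scanner vendor. It places an azurerm_data_factory left on the provider default (public access on) beside one that disables public access and is reached through a private endpoint. The resource group, resource names and the private_endpoint_subnet_id variable are placeholders.

```hcl
# Added example: Azure Data Factory with and without public network access.
# Resource names, the resource group and the subnet variable are placeholders.

variable "private_endpoint_subnet_id" {
  type        = string
  description = "Subnet (assumed to exist) that hosts the private endpoint"
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-adf-example"
  location = "westeurope"
}

# Flagged: public_network_enabled is omitted, so it takes the default of true
# and the factory's endpoints answer from any internet address.
resource "azurerm_data_factory" "open" {
  name                = "adf-open-example"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}

# Corrected: public access off; the factory is only reachable through the
# private endpoint below.
resource "azurerm_data_factory" "closed" {
  name                   = "adf-closed-example"
  location               = azurerm_resource_group.rg.location
  resource_group_name    = azurerm_resource_group.rg.name
  public_network_enabled = false

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_private_endpoint" "adf" {
  name                = "pe-adf-closed"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  subnet_id           = var.private_endpoint_subnet_id

  private_service_connection {
    name                           = "adf-closed-connection"
    private_connection_resource_id = azurerm_data_factory.closed.id
    # "dataFactory" is the sub-resource for the factory's data plane;
    # "portal" would expose the authoring UI instead.
    subresource_names    = ["dataFactory"]
    is_manual_connection = false
  }
}
```

After applying, verify with `az datafactory show --name adf-closed-example --resource-group rg-adf-example --query publicNetworkAccess`, which should report Disabled; the private endpoint also needs a matching private DNS zone (privatelink.datafactory.azure.net) so clients resolve the factory to its private IP.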

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The SQL server is configured to allow public network access, so its TCP 1433 listener is reachable from the internet. This increases the risk of unauthorized access, credential attacks, or exploitation from external sources.

Impact

If public access is enabled, attackers could attempt to connect to the SQL server from anywhere, potentially leading to data breaches, data loss, or service disruptions. This exposure makes it easier for malicious actors to exploit weak credentials or vulnerabilities in the database server.
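As an added example (not from this page or the scanner vendor), the Terraform below shows an azurerm_mssql_server that relies on the provider default beside one with public access disabled and a private endpoint. The resource group, names and variables are placeholders.

```hcl
# Added example: Azure SQL logical server with and without public access.
# Resource group, names and variables are placeholders.

variable "sql_admin_password" {
  type      = string
  sensitive = true
}

variable "private_endpoint_subnet_id" {
  type = string
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-sql-example"
  location = "westeurope"
}

# Flagged: public_network_access_enabled is omitted and defaults to true,
# so the server's public endpoint accepts connections from any address that
# a firewall rule lets through.
resource "azurerm_mssql_server" "open" {
  name                         = "sql-open-example"
  resource_group_name          = azurerm_resource_group.rg.name
  location                     = azurerm_resource_group.rg.location
  version                      = "12.0"
  administrator_login          = "sqladmin"
  administrator_login_password = var.sql_admin_password
}

# Corrected: the public endpoint is disabled; clients must come in via the
# private endpoint. minimum_tls_version is tightened at the same time.
resource "azurerm_mssql_server" "closed" {
  name                          = "sql-closed-example"
  resource_group_name           = azurerm_resource_group.rg.name
  location                      = azurerm_resource_group.rg.location
  version                       = "12.0"
  administrator_login           = "sqladmin"
  administrator_login_password  = var.sql_admin_password
  public_network_access_enabled = false
  minimum_tls_version           = "1.2"
}

resource "azurerm_private_endpoint" "sql" {
  name                = "pe-sql-closed"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  subnet_id           = var.private_endpoint_subnet_id

  private_service_connection {
    name                           = "sql-closed-connection"
    private_connection_resource_id = azurerm_mssql_server.closed.id
    subresource_names              = ["sqlServer"]
    is_manual_connection           = false
  }
}
```

When public access must stay on for a transition period, check the server's azurerm_mssql_firewall_rule resources as well: a rule spanning 0.0.0.0 to 255.255.255.255, or the "Allow Azure services" rule (0.0.0.0 to 0.0.0.0), recreates the same exposure even with a narrow-looking configuration elsewhere.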

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure App Service is deployed without the platform authentication feature (the auth_settings block) enabled in its configuration. Every request reaches the application code without the platform verifying the caller's identity, so the app is only as protected as its own authentication logic, if any.

Impact

Without authentication, anyone can access your app, exposing sensitive data and functionality to unauthorized users. Attackers could exploit this to steal information, modify data, or disrupt your service, leading to data breaches and compliance violations.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The app service is not configured with a managed identity, so it has no platform-managed, credential-free way to authenticate to other Azure services. Developers are then pushed toward storing connection strings, keys or client secrets in app settings or source code.

Impact

Without a managed identity, the app may require hardcoded credentials or less secure authentication methods, increasing the risk of credential leaks or unauthorized access to sensitive Azure resources. Attackers could exploit this to gain elevated permissions or access confidential data.
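The Terraform below is an added example, not taken from this page or the scanner vendor. It contrasts a web app that carries a secret in its app settings with one that has a system-assigned managed identity, reads the secret through a Key Vault reference, and is granted only a secrets-reader role. The Key Vault (azurerm_key_vault.kv) and secret (azurerm_key_vault_secret.db) are assumed to exist elsewhere in the configuration; the service plan, names and the constructed connection string are placeholders.

```hcl
# Added example: App Service without and with a managed identity.
# azurerm_key_vault.kv and azurerm_key_vault_secret.db are assumed to be
# declared elsewhere; the plan, names and the secret value are placeholders.

resource "azurerm_service_plan" "plan" {
  name                = "plan-example"
  resource_group_name = "rg-app-example"
  location            = "westeurope"
  os_type             = "Linux"
  sku_name            = "B1"
}

# Flagged: no identity block. The only way to reach other services is a
# credential in configuration; this one ends up in Terraform state and in
# the portal for anyone with Reader-plus rights on the app.
resource "azurerm_linux_web_app" "hardcoded" {
  name                = "app-hardcoded-example"
  resource_group_name = azurerm_service_plan.plan.resource_group_name
  location            = azurerm_service_plan.plan.location
  service_plan_id     = azurerm_service_plan.plan.id
  site_config {}

  app_settings = {
    # Constructed placeholder, not a real credential.
    "DB_PASSWORD" = "REPLACE-ME-hardcoded-password"
  }
}

# Corrected: system-assigned identity plus a Key Vault reference. App Service
# resolves the reference at startup with the identity's token; no secret is
# written into Terraform code or state.
resource "azurerm_linux_web_app" "with_identity" {
  name                = "app-identity-example"
  resource_group_name = azurerm_service_plan.plan.resource_group_name
  location            = azurerm_service_plan.plan.location
  service_plan_id     = azurerm_service_plan.plan.id
  site_config {}

  identity {
    type = "SystemAssigned"
  }

  app_settings = {
    # versionless_id lets the app pick up rotated secret versions.
    "DB_PASSWORD" = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.db.versionless_id})"
  }
}

# Least privilege: the identity can read secret values and nothing else.
# Requires enable_rbac_authorization = true on the vault; with the older
# access-policy model use azurerm_key_vault_access_policy instead.
resource "azurerm_role_assignment" "app_reads_secrets" {
  scope                = azurerm_key_vault.kv.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azurerm_linux_web_app.with_identity.identity[0].principal_id
}
```

A quick check after deployment: the app's Configuration blade shows a green check next to a resolved Key Vault reference and a red mark with the failure reason (usually missing RBAC or vault network rules blocking the App Service outbound IPs) when it cannot be read.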

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Azure App Service has an incomplete authentication configuration: the auth_settings block is present but does not actually enforce a login (for example, enabled is false or unauthenticated requests are allowed through). Users can therefore reach the service without verifying their identity, leaving the app exposed to unauthorized access.

Impact

Without authentication, attackers or unauthorized users could gain access to sensitive resources, modify application data, or disrupt service functionality. This may lead to data breaches, service misuse, or compliance violations.
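The Terraform below is an added example covering both App Service authentication entries above (no auth_settings block, and an auth_settings block that does not enforce login); it is not code from this page or the scanner vendor. It shows an azurerm_linux_web_app with no platform authentication, one whose auth_settings is present but allows anonymous callers, and one that requires sign-in through Entra ID. The tenant_id and app_registration_client_id variables and all names are placeholders.

```hcl
# Added example: App Service Authentication ("Easy Auth") misconfigured and
# corrected. Names and the two variables are placeholders.

variable "tenant_id" {
  type = string
}

variable "app_registration_client_id" {
  type        = string
  description = "Client ID of the Entra ID app registration for this web app"
}

resource "azurerm_service_plan" "plan" {
  name                = "plan-auth-example"
  resource_group_name = "rg-app-example"
  location            = "westeurope"
  os_type             = "Linux"
  sku_name            = "B1"
}

# Flagged (first rule): no auth_settings block at all.
resource "azurerm_linux_web_app" "no_auth" {
  name                = "app-no-auth-example"
  resource_group_name = azurerm_service_plan.plan.resource_group_name
  location            = azurerm_service_plan.plan.location
  service_plan_id     = azurerm_service_plan.plan.id
  site_config {}
}

# Flagged (second rule): auth_settings exists, but AllowAnonymous means the
# platform only authenticates callers who volunteer a token. Anonymous
# requests still reach the app.
resource "azurerm_linux_web_app" "optional_auth" {
  name                = "app-optional-auth-example"
  resource_group_name = azurerm_service_plan.plan.resource_group_name
  location            = azurerm_service_plan.plan.location
  service_plan_id     = azurerm_service_plan.plan.id
  site_config {}

  auth_settings {
    enabled                       = true
    default_provider              = "AzureActiveDirectory"
    unauthenticated_client_action = "AllowAnonymous"
    issuer                        = "https://sts.windows.net/${var.tenant_id}/"

    active_directory {
      client_id = var.app_registration_client_id
    }
  }
}

# Corrected: every unauthenticated request is redirected to sign-in before
# it reaches application code, and tokens are only accepted for this app's
# audience. https_only prevents the session cookie travelling in clear text.
resource "azurerm_linux_web_app" "required_auth" {
  name                = "app-required-auth-example"
  resource_group_name = azurerm_service_plan.plan.resource_group_name
  location            = azurerm_service_plan.plan.location
  service_plan_id     = azurerm_service_plan.plan.id
  https_only          = true
  site_config {}

  auth_settings {
    enabled                       = true
    default_provider              = "AzureActiveDirectory"
    unauthenticated_client_action = "RedirectToLoginPage"
    issuer                        = "https://sts.windows.net/${var.tenant_id}/"
    token_store_enabled           = true

    active_directory {
      client_id         = var.app_registration_client_id
      allowed_audiences = ["api://${var.app_registration_client_id}"]
    }
  }
}
```

When reviewing a configuration, check the pair enabled = true and unauthenticated_client_action together: enabled alone is not a gate. For APIs called by other services, RedirectToLoginPage is the wrong action (a 302 to a login page breaks machine clients); there the app should return 401 and validate bearer tokens itself, which newer provider versions express through the auth_settings_v2 block.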

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The storage account's network rules do not allow trusted Microsoft services (such as Azure Backup or Azure Monitor) to bypass the network restrictions. When the default action is Deny and the bypass list excludes AzureServices, platform services that need to read from or write to the account are blocked along with everything else.

Impact

If trusted Microsoft services cannot bypass network rules, critical features like backups, logging, or monitoring may fail. This can lead to operational issues, data loss, or reduced visibility into security events, impacting the reliability and supportability of your cloud resources.
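As an added example (not from this page or the scanner vendor), the Terraform below shows a locked-down azurerm_storage_account whose bypass list blocks platform services, next to one that keeps the Deny default but lets trusted Azure services through. Names, the IP range (from the 203.0.113.0/24 documentation block) and the app_subnet_id variable are placeholders.

```hcl
# Added example: storage account network rules with and without the
# AzureServices bypass. Names, the IP range and the subnet are placeholders.

variable "app_subnet_id" {
  type        = string
  description = "Subnet with the Microsoft.Storage service endpoint enabled"
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-storage-example"
  location = "westeurope"
}

# Flagged: default_action is Deny (good), but bypass = ["None"] means Azure
# Backup, Monitor diagnostics and similar platform services are refused too.
resource "azurerm_storage_account" "no_bypass" {
  name                     = "stnobypassexample01"
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"

  network_rules {
    default_action             = "Deny"
    bypass                     = ["None"]
    ip_rules                   = ["203.0.113.0/24"]
    virtual_network_subnet_ids = [var.app_subnet_id]
  }
}

# Corrected: same Deny default and allow-list, plus the AzureServices bypass
# (and Logging/Metrics if you ship classic diagnostics to this account).
resource "azurerm_storage_account" "with_bypass" {
  name                     = "stbypassexample01"
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"

  network_rules {
    default_action             = "Deny"
    bypass                     = ["AzureServices", "Logging", "Metrics"]
    ip_rules                   = ["203.0.113.0/24"]
    virtual_network_subnet_ids = [var.app_subnet_id]
  }
}
```

Two things to keep in mind when applying this. The bypass only lifts the network check; a trusted service still has to present a valid identity or key, so granting it does not by itself hand out data access. And the virtual_network_subnet_ids entries only work if the subnet has the Microsoft.Storage service endpoint enabled (service_endpoints on the azurerm_subnet), otherwise traffic from that subnet arrives with a public source IP and is denied.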

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Key Vault resource is configured without setting the network ACL 'default_action' to 'Deny'. With the default action left at 'Allow' (or no network_acls block at all), the vault's data plane accepts connections from every network, and the only thing standing between a caller and the stored secrets is the access policy or RBAC check.

Impact

If exploited, attackers or unauthorized users could potentially connect to and access sensitive secrets or keys stored in the Key Vault from unapproved networks. This can lead to data breaches, secret leakage, and compromise of secure operations relying on the Key Vault.
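The Terraform below is an added example, not code from this page or the scanner vendor. It shows an azurerm_key_vault with no network ACL beside one whose default action is Deny with an explicit allow-list and the AzureServices bypass. Names, the IP address (from the 203.0.113.0/24 documentation range) and the app_subnet_id variable are placeholders.

```hcl
# Added example: Key Vault network ACLs absent and corrected.
# Names, the IP address and the subnet variable are placeholders.

variable "app_subnet_id" {
  type        = string
  description = "Subnet with the Microsoft.KeyVault service endpoint enabled"
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "rg" {
  name     = "rg-kv-example"
  location = "westeurope"
}

# Flagged: no network_acls block, so default_action is effectively Allow and
# any network can reach the vault's data plane.
resource "azurerm_key_vault" "open" {
  name                      = "kv-open-example"
  location                  = azurerm_resource_group.rg.location
  resource_group_name       = azurerm_resource_group.rg.name
  tenant_id                 = data.azurerm_client_config.current.tenant_id
  sku_name                  = "standard"
  enable_rbac_authorization = true
}

# Corrected: deny by default, allow one operator address and the application
# subnet, and keep the bypass for trusted Azure services (for example
# deployment via ARM templates and Azure Backup).
resource "azurerm_key_vault" "closed" {
  name                       = "kv-closed-example"
  location                   = azurerm_resource_group.rg.location
  resource_group_name        = azurerm_resource_group.rg.name
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  sku_name                   = "standard"
  enable_rbac_authorization  = true
  purge_protection_enabled   = true
  soft_delete_retention_days = 90

  network_acls {
    default_action             = "Deny"
    bypass                     = "AzureServices"
    ip_rules                   = ["203.0.113.10/32"]
    virtual_network_subnet_ids = [var.app_subnet_id]
  }
}
```

Both default_action and bypass are required inside network_acls in the azurerm provider, so a block that sets one without the other fails at plan time rather than silently opening the vault. Where no public path is needed at all, set public_network_access_enabled = false on the vault and reach it over a private endpoint; in that mode the ip_rules and subnet entries no longer apply.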

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The AKS (Azure Kubernetes Service) cluster is not configured as a private cluster, so its Kubernetes API server is published on a public IP address and is reachable from the internet. Calls still require a valid kubeconfig credential or Entra ID token, but the control-plane endpoint itself is exposed to anyone who can find it.

Impact

Leaving the AKS cluster public increases the risk of attackers gaining access to cluster management endpoints, potentially allowing them to view, modify, or disrupt workloads. This can lead to data breaches, service disruption, or unauthorized resource usage.

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The AKS cluster is missing the ‘api_server_authorized_ip_ranges’ setting, which means the Kubernetes API server is accessible from any IP address. This exposes the cluster’s management interface to the public internet without network restrictions.

Impact

Without restricting access to trusted IP ranges, attackers can attempt to access or attack the Kubernetes API server from anywhere, increasing the risk of unauthorized access, cluster compromise, and potential data breaches.
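The Terraform below is an added example serving both AKS entries above (public API server, and no authorized IP ranges); it is not code from this page or the scanner vendor. It shows an azurerm_kubernetes_cluster with a public, unrestricted API server, the private-cluster fix, and the allow-list fix for cases where a public endpoint must remain. Names, the VM size and the IP ranges (documentation ranges) are placeholders, and the aks_subnet_id variable is assumed to exist.

```hcl
# Added example: AKS API server exposure, private-cluster fix, and the
# IP allow-list alternative. Names, sizes, ranges and the subnet are placeholders.

variable "aks_subnet_id" {
  type = string
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-aks-example"
  location = "westeurope"
}

# Flagged by both rules: public API server, no authorized IP ranges.
resource "azurerm_kubernetes_cluster" "public" {
  name                = "aks-public-example"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  dns_prefix          = "akspublic"

  default_node_pool {
    name           = "system"
    node_count     = 2
    vm_size        = "Standard_D2s_v3"
    vnet_subnet_id = var.aks_subnet_id
  }

  identity {
    type = "SystemAssigned"
  }
}

# Preferred fix: private cluster. The API server gets a private endpoint in
# the cluster VNet and no public IP; operators reach it from a jump host,
# VPN or peered network.
resource "azurerm_kubernetes_cluster" "private" {
  name                    = "aks-private-example"
  location                = azurerm_resource_group.rg.location
  resource_group_name     = azurerm_resource_group.rg.name
  dns_prefix              = "aksprivate"
  private_cluster_enabled = true
  private_dns_zone_id     = "System"

  default_node_pool {
    name           = "system"
    node_count     = 2
    vm_size        = "Standard_D2s_v3"
    vnet_subnet_id = var.aks_subnet_id
  }

  identity {
    type = "SystemAssigned"
  }
}

# Alternative where a public endpoint is unavoidable: restrict callers by
# source address. Older provider versions use the top-level argument
# api_server_authorized_ip_ranges named in the rule; current versions
# express it through api_server_access_profile.
resource "azurerm_kubernetes_cluster" "allowlisted" {
  name                = "aks-allowlist-example"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  dns_prefix          = "aksallowlist"

  api_server_access_profile {
    authorized_ip_ranges = ["203.0.113.0/24", "198.51.100.7/32"]
  }

  default_node_pool {
    name           = "system"
    node_count     = 2
    vm_size        = "Standard_D2s_v3"
    vnet_subnet_id = var.aks_subnet_id
  }

  identity {
    type = "SystemAssigned"
  }
}
```

The two fixes do not combine: authorized IP ranges apply only to the public API server endpoint and cannot be attached to a private cluster's endpoint. When using the allow-list, include the egress addresses of every CI/CD runner and operator network that runs kubectl or Helm, otherwise those pipelines fail with a connection timeout after the change.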

Improper Access Control

Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The API Management service is not configured to use a virtual network, so its gateway, management and developer-portal endpoints are published directly on the public internet instead of being placed inside a private network where ingress can be controlled.

Impact

Without virtual network integration, API Management services are more accessible to unauthorized users, increasing the risk of unauthorized access, data exposure, and potential attacks from the internet. This can compromise sensitive APIs and internal resources.
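The Terraform below is an added example, not code from this page or the scanner vendor. It shows an azurerm_api_management instance with no virtual network next to one injected into a subnet in Internal mode, where the gateway is only reachable on a private address. Names, publisher details and the apim_subnet_id variable are placeholders.

```hcl
# Added example: API Management outside and inside a virtual network.
# Names, publisher details and the subnet variable are placeholders.

variable "apim_subnet_id" {
  type        = string
  description = "Dedicated subnet for API Management (assumed to exist)"
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-apim-example"
  location = "westeurope"
}

# Flagged: virtual_network_type defaults to "None", so the gateway, the
# management API and the developer portal all sit on public endpoints.
resource "azurerm_api_management" "public" {
  name                = "apim-public-example"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  publisher_name      = "Example Org"
  publisher_email     = "apim-admins@example.com"
  sku_name            = "Developer_1"
}

# Corrected: Internal mode. Endpoints get private IPs in the subnet; anything
# that must be public is fronted by an Application Gateway with WAF rather
# than exposed directly. VNet injection requires the Developer or Premium tier.
resource "azurerm_api_management" "internal" {
  name                 = "apim-internal-example"
  location             = azurerm_resource_group.rg.location
  resource_group_name  = azurerm_resource_group.rg.name
  publisher_name       = "Example Org"
  publisher_email      = "apim-admins@example.com"
  sku_name             = "Developer_1"
  virtual_network_type = "Internal"

  virtual_network_configuration {
    subnet_id = var.apim_subnet_id
  }

  identity {
    type = "SystemAssigned"
  }
}
```

"External" is the other virtual_network_type value: the service is injected into the subnet so it can reach private backends, but its own endpoints keep public IPs, so it does not by itself remove the exposure this rule describes. Either mode needs the subnet's network security group to permit the management traffic Azure documents for API Management, or the deployment fails health checks.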