Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Cognitive Services account in Azure is configured to allow public network access, which means anyone on the internet could potentially reach the service. This setting exposes sensitive resources to unauthorized users.
Impact#
If public network access is enabled, attackers could attempt to connect to and exploit the Cognitive Services account from outside your organization, leading to data leakage, unauthorized use of APIs, or abuse of resources. This increases the risk of breaches and service misuse.