Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure Function App is deployed without authentication enabled, allowing anyone to access its endpoints without verifying their identity. This leaves your application open to unauthorized access.
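A check for this condition, as an added example that is not part of the original rule: it scans an ARM template for function apps with no enforced `authsettingsV2` configuration. It assumes literal resource names in a flat `resources` array (no ARM expressions or nested child resources) and uses a constructed sample template. It goes slightly beyond the rule text by also flagging apps where authentication is enabled but anonymous requests are still allowed.

```python
def _auth_enforced(props):
    """True only when authsettingsV2 turns auth on and rejects anonymous callers."""
    platform = props.get("platform", {})
    validation = props.get("globalValidation", {})
    return (
        platform.get("enabled") is True
        and validation.get("requireAuthentication") is True
        and validation.get("unauthenticatedClientAction") != "AllowAnonymous"
    )

def unauthenticated_function_apps(template):
    """Return names of function apps with no enforced authsettingsV2 resource."""
    resources = template.get("resources", [])
    auth = {}  # site name -> properties of its "<site>/authsettingsV2" resource
    for res in resources:
        if res.get("type") == "Microsoft.Web/sites/config":
            site, _, cfg = res.get("name", "").partition("/")
            if cfg.lower() == "authsettingsv2":
                auth[site] = res.get("properties", {})
    flagged = []
    for res in resources:
        is_function_app = (
            res.get("type") == "Microsoft.Web/sites"
            and "functionapp" in res.get("kind", "").lower()
        )
        if is_function_app and not _auth_enforced(auth.get(res["name"], {})):
            flagged.append(res["name"])
    return flagged

# Constructed sample template (assumption: literal names, flat resource list).
SAMPLE = {
    "resources": [
        {"type": "Microsoft.Web/sites", "kind": "functionapp", "name": "orders-fn"},
        {"type": "Microsoft.Web/sites", "kind": "functionapp,linux", "name": "billing-fn"},
        {"type": "Microsoft.Web/sites", "kind": "functionapp", "name": "audit-fn"},
        {"type": "Microsoft.Web/sites/config", "name": "billing-fn/authsettingsV2",
         "properties": {"platform": {"enabled": True},
                        "globalValidation": {"requireAuthentication": True,
                                             "unauthenticatedClientAction": "Return401"}}},
        {"type": "Microsoft.Web/sites/config", "name": "audit-fn/authsettingsV2",
         "properties": {"platform": {"enabled": True},
                        "globalValidation": {"requireAuthentication": False,
                                             "unauthenticatedClientAction": "AllowAnonymous"}}},
    ]
}

if __name__ == "__main__":
    print(unauthenticated_function_apps(SAMPLE))
```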
Impact
Without authentication, attackers or unauthorized users could invoke your function app’s APIs, potentially exposing sensitive data, triggering unintended operations, or increasing the risk of abuse. This lack of access control can lead to data leaks, service misuse, or security breaches.