Improper Access Control
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The virtual machine scale set is configured to allow password authentication, which makes it easier for attackers to attempt brute-force attacks or log in with stolen passwords. Disabling password authentication and using SSH keys improves security by requiring stronger, less guessable credentials.
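One way to check for this setting in an ARM template before deployment, as an added example that is not this rule's own implementation. The property names (`linuxConfiguration.disablePasswordAuthentication`, `ssh.publicKeys`, `adminPassword`) are from the Azure VMSS resource schema; the function name, the sample template and the choice to skip Windows profiles are assumptions of this example.

```python
import json

VMSS_TYPE = "microsoft.compute/virtualmachinescalesets"

# Constructed sample template: one scale set that accepts passwords, one that is key-only.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Compute/virtualMachineScaleSets", "name": "vmss-weak",
   "properties": {"virtualMachineProfile": {"osProfile": {
     "adminUsername": "azureuser", "adminPassword": "[parameters('adminPassword')]",
     "linuxConfiguration": {"disablePasswordAuthentication": false}}}}},
  {"type": "Microsoft.Compute/virtualMachineScaleSets", "name": "vmss-hardened",
   "properties": {"virtualMachineProfile": {"osProfile": {
     "adminUsername": "azureuser",
     "linuxConfiguration": {"disablePasswordAuthentication": true,
       "ssh": {"publicKeys": [{"path": "/home/azureuser/.ssh/authorized_keys",
                               "keyData": "ssh-ed25519 CONSTRUCTED-PLACEHOLDER-KEY"}]}}}}}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "unrelated", "properties": {}}
]}
""")


def find_password_auth_vmss(template):
    """Return [(name, [reasons])] for scale sets that still permit password logins."""
    findings = []
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != VMSS_TYPE:
            continue
        os_profile = (res.get("properties", {})
                      .get("virtualMachineProfile", {})
                      .get("osProfile", {}))
        if "windowsConfiguration" in os_profile:
            continue  # assumption: the SSH-key check applies to Linux profiles only
        linux = os_profile.get("linuxConfiguration", {})
        reasons = []
        # Only a literal true passes; absent, false or parameterised values are reported.
        if linux.get("disablePasswordAuthentication") is not True:
            reasons.append("disablePasswordAuthentication is not true")
        if not linux.get("ssh", {}).get("publicKeys"):
            reasons.append("no ssh.publicKeys entries")
        if "adminPassword" in os_profile:
            reasons.append("adminPassword is set")
        if reasons:
            findings.append((res.get("name"), reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in find_password_auth_vmss(SAMPLE_TEMPLATE):
        print(f"{name}: " + "; ".join(reasons))
```

A value supplied through a template parameter is reported as well, so the parameter's actual value can be reviewed by hand.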
Impact
If password authentication is enabled, attackers may gain unauthorized access by guessing or obtaining weak, reused, or compromised passwords. This can lead to full control over the virtual machines, data breaches, or disruption of services within your Azure environment.