Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The storage account is not explicitly configured to require the latest version of TLS (1.2 or higher) for data encryption in transit. This means weaker or outdated encryption protocols might be allowed, putting sensitive data at risk.
Impact#
If older TLS versions are permitted, attackers could exploit known vulnerabilities to intercept or tamper with data sent to and from the storage account. This can lead to data breaches, unauthorized access, or data manipulation, exposing sensitive information and violating compliance requirements.