Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Azure App Service resource is not configured to require client certificates, meaning users can access the app without proving their identity. This weakens authentication and allows unauthenticated connections.
Impact#
Without client certificate enforcement, attackers or unauthorized users could connect to the app, potentially exposing sensitive data or services to unauthorized access. This increases the risk of data breaches and unauthorized actions within your application.