Improper Certificate Validation
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The App Service is not configured to require client certificates, which means users can connect without proving their identity. This weakens authentication and allows anyone to access the service if they know the endpoint.
Impact
Without client certificate enforcement, attackers could connect to the App Service without proper authentication, increasing the risk of unauthorized access, data leaks, and potential compromise of sensitive information or application functions.