Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Azure App Service is deployed without authentication enabled in its configuration. This means users can access the application without verifying their identity, leaving it unprotected.
Impact#
Without authentication, anyone can access your app, exposing sensitive data and functionality to unauthorized users. Attackers could exploit this to steal information, modify data, or disrupt your service, leading to data breaches and compliance violations.