Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The App Service resource is not configured to enforce TLS 1.2, allowing older and less secure versions of TLS. This weakens the encryption for data transmitted to and from your application.
Impact
When TLS 1.2 is not enforced, attackers may exploit outdated encryption protocols to intercept or manipulate sensitive data in transit, risking exposure of user information and potential compliance violations.
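One way to check for the condition in the description before deployment, as an added example that is not part of the original rule: a Python audit of an ARM template that flags `Microsoft.Web/sites` resources whose `siteConfig.minTlsVersion` is below 1.2. The template, resource names and the choice to report an unset value as a finding are assumptions of this example.

```python
import json

# Constructed ARM template fragment (sample input, not taken from the page).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Web/sites", "name": "legacy-app",
     "properties": {"siteConfig": {"minTlsVersion": "1.0"}}},
    {"type": "Microsoft.Web/sites", "name": "unset-app",
     "properties": {}},
    {"type": "Microsoft.Web/sites", "name": "hardened-app",
     "properties": {"siteConfig": {"minTlsVersion": "1.2"}}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "notanapp",
     "properties": {}}
  ]
}
""")

REQUIRED = (1, 2)  # minimum acceptable TLS version as (major, minor)


def parse_version(value):
    """Turn '1.2' into (1, 2); return None for missing or malformed values."""
    try:
        major, minor = str(value).split(".")
        return int(major), int(minor)
    except ValueError:
        return None


def find_weak_tls(template):
    """Return (name, raw_value) for each App Service not pinned to TLS >= 1.2."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.web/sites":
            continue
        site_config = res.get("properties", {}).get("siteConfig") or {}
        raw = site_config.get("minTlsVersion")
        version = parse_version(raw)
        # Assumption: an unset or unparsable value is reported, because the
        # template then does not explicitly enforce the minimum version.
        if version is None or version < REQUIRED:
            findings.append((res.get("name"), raw))
    return findings


if __name__ == "__main__":
    for name, raw in find_weak_tls(SAMPLE_TEMPLATE):
        print(f"{name}: minTlsVersion={raw!r} does not enforce TLS 1.2")
```

The check only inspects the inline `siteConfig` block of top-level resources; templates that set the value through a separate `Microsoft.Web/sites/config` resource or nested deployments need the same comparison applied there.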