Property
Language: hcl
Severity: low
CWE: CWE-16: CWE CATEGORY: Configuration
OWASP: A06:2017 - Security Misconfiguration
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The storage account network rules are configured with ‘default_action’ set to ‘Allow’ instead of ‘Deny’, which means that, by default, network traffic is permitted unless explicitly blocked. This leaves the storage account open to unintended access from unauthorized sources.

Impact

If the default action is not set to ‘Deny’, attackers or unauthorized users could potentially access sensitive data in the storage account from untrusted networks. This increases the risk of data breaches, information leakage, and potential compliance violations for the organization.
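
The setting described above, shown as a non-compliant and a compliant Terraform configuration for the azurerm provider. This is an added example, not taken from the rule's own test cases; the resource names, resource group, CIDR range and the `azurerm_subnet.app` reference are placeholders assumed for illustration.

```hcl
# Added illustration. All names and addresses below are constructed placeholders.

resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacct"
  resource_group_name      = "example-rg"
  location                 = "westeurope"
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# Non-compliant: any network can reach the account unless explicitly blocked.
resource "azurerm_storage_account_network_rules" "open" {
  storage_account_id = azurerm_storage_account.example.id
  default_action     = "Allow"
}

# Compliant alternative for the same account (use instead of the block above):
# deny by default, then list the sources that are allowed through.
resource "azurerm_storage_account_network_rules" "restricted" {
  storage_account_id         = azurerm_storage_account.example.id
  default_action             = "Deny"
  ip_rules                   = ["203.0.113.0/24"]      # documentation range
  virtual_network_subnet_ids = [azurerm_subnet.app.id] # assumed to be defined elsewhere
  bypass                     = ["AzureServices"]
}

# The same setting can also be declared inline on the storage account.
resource "azurerm_storage_account" "inline" {
  name                     = "exampleinlineacct"
  resource_group_name      = "example-rg"
  location                 = "westeurope"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action = "Deny"
    ip_rules       = ["203.0.113.0/24"]
    bypass         = ["AzureServices"]
  }
}
```

Once `default_action` is `Deny`, the host that runs Terraform must itself be covered by `ip_rules` or `virtual_network_subnet_ids`, otherwise later data-plane operations against the account are rejected.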