Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The storage account is not configured to enforce HTTPS-only traffic, which allows data to be accessed over unencrypted HTTP connections. This exposes sensitive information to potential interception during transmission.
Impact#
Without HTTPS-only enforcement, attackers could intercept or tamper with data sent to and from the storage account over unsecured networks. This can lead to data breaches, unauthorized access, and compromise of confidential information.