Improper Authentication
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-287: Improper Authentication |
| OWASP | A02:2017 - Broken Authentication |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure Function App is deployed without authentication enabled in its ‘auth_settings’ configuration. This means users can access the app without verifying their identity, leaving endpoints unprotected.
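The finding and its fix side by side, as an added Terraform example that is not part of the original rule page. It assumes the `azurerm_function_app` resource; the resource names and every `var.*` reference are placeholders declared elsewhere in the module.

```hcl
# Constructed example: names and var.* inputs are placeholders.

# Non-compliant: authentication is not enabled in auth_settings, so the
# platform does not verify a caller's identity before the request
# reaches the function app.
resource "azurerm_function_app" "insecure" {
  name                       = "example-func-insecure"
  location                   = var.location
  resource_group_name        = var.resource_group_name
  app_service_plan_id        = var.app_service_plan_id
  storage_account_name       = var.storage_account_name
  storage_account_access_key = var.storage_account_access_key

  auth_settings {
    enabled = false
  }
}

# Compliant: authentication is enabled, and requests that carry no
# identity are sent to the identity provider's login page instead of
# being passed through to the app.
resource "azurerm_function_app" "secure" {
  name                       = "example-func-secure"
  location                   = var.location
  resource_group_name        = var.resource_group_name
  app_service_plan_id        = var.app_service_plan_id
  storage_account_name       = var.storage_account_name
  storage_account_access_key = var.storage_account_access_key

  auth_settings {
    enabled                       = true
    default_provider              = "AzureActiveDirectory"
    unauthenticated_client_action = "RedirectToLoginPage"

    active_directory {
      # Application (client) ID of the app registration; placeholder.
      client_id = var.aad_client_id
    }
  }
}
```

Setting `unauthenticated_client_action` to `AllowAnonymous` would let unauthenticated requests through even with `enabled = true`, so review that value together with `enabled`.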
Impact
Without authentication, anyone can invoke the function app’s endpoints, potentially exposing sensitive operations or data to unauthorized users. Attackers could exploit this to gain access, manipulate data, or abuse backend services, leading to data breaches or service misuse.