Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The firewall rule allows incoming RDP (TCP port 3389) connections from any IP address, exposing remote desktop access to the public internet. This unrestricted access makes the server vulnerable to unauthorized login attempts and attacks.
Impact#
If exploited, attackers could attempt to gain remote control of your virtual machines via RDP, leading to possible data breaches, resource misuse, or full environment compromise. Exposing RDP to the internet significantly increases the risk of brute-force attacks and unauthorized access.