Password authentication should be disabled on Azure virtual machines
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | compute |
| Provider | Azure |
| Vulnerability Type | omission |
Description
The virtual machine is configured to allow password-based authentication, which relies on user-supplied passwords instead of more secure SSH key authentication. This increases the risk of unauthorized access due to weak, reused, or leaked passwords.
Impact
If exploited, attackers could compromise the server via brute-force or credential stuffing attacks, potentially gaining full control over the VM. This can lead to data breaches, service disruption, or use of the VM for malicious activity within the organization’s Azure environment.
Resolution
Use SSH key authentication for virtual machines.
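One way to catch this before deployment is to check the ARM template's `osProfile.linuxConfiguration` for each virtual machine. The following is an added example, not this rule's own implementation: the template fragment is constructed, and treating an omitted or parameterized `disablePasswordAuthentication` as non-compliant is an assumption made here.

```python
VM_TYPE = "microsoft.compute/virtualmachines"

# Constructed ARM template fragment (names and key material are placeholders).
SAMPLE_TEMPLATE = {"resources": [
    {"type": "Microsoft.Compute/virtualMachines", "name": "vm-password",
     "properties": {"osProfile": {
         "adminUsername": "azureuser",
         "adminPassword": "[parameters('adminPassword')]",
         "linuxConfiguration": {"disablePasswordAuthentication": False}}}},
    {"type": "Microsoft.Compute/virtualMachines", "name": "vm-default",
     "properties": {"osProfile": {"adminUsername": "azureuser"}}},
    {"type": "Microsoft.Compute/virtualMachines", "name": "vm-key-only",
     "properties": {"osProfile": {
         "adminUsername": "azureuser",
         "linuxConfiguration": {
             "disablePasswordAuthentication": True,
             "ssh": {"publicKeys": [{
                 "path": "/home/azureuser/.ssh/authorized_keys",
                 "keyData": "ssh-rsa AAAA...constructed-placeholder"}]}}}}},
    {"type": "Microsoft.Compute/virtualMachines", "name": "vm-windows",
     "properties": {"osProfile": {"windowsConfiguration": {}}}},
]}


def check_vm(resource):
    """Return findings for one ARM resource; an empty list means compliant."""
    if resource.get("type", "").lower() != VM_TYPE:
        return []
    os_profile = resource.get("properties", {}).get("osProfile", {})
    if "windowsConfiguration" in os_profile:
        return []  # SSH key authentication applies to Linux VMs only
    linux = os_profile.get("linuxConfiguration", {})
    findings = []
    # Assumption: anything other than a literal true (omitted, false, or a
    # template expression string) is reported so a reviewer looks at it.
    if linux.get("disablePasswordAuthentication") is not True:
        findings.append("password authentication is not disabled")
    keys = linux.get("ssh", {}).get("publicKeys", [])
    if not any(k.get("keyData") for k in keys):
        findings.append("no SSH public key configured")
    return findings


def scan_template(template):
    """Map VM name -> findings for every non-compliant VM in the template."""
    results = {r.get("name", "<unnamed>"): check_vm(r)
               for r in template.get("resources", [])}
    return {name: f for name, f in results.items() if f}
```

Calling `scan_template(SAMPLE_TEMPLATE)` reports `vm-password` and `vm-default` and leaves the key-only and Windows VMs out of the result.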