Property
Language: terraform
Severity: medium
Service: appservice
Provider: Azure
Vulnerability Type: omission

Description

The App Service is deployed without authentication enabled, allowing unauthenticated users to access the application. The missing ‘auth_settings’ block in the Terraform configuration leaves the app open to anonymous requests.

Impact

Without authentication, anyone can send requests to the application, potentially exposing sensitive data or functionality to unauthorized users. This increases the risk of data breaches, account compromise, and abuse of application resources.

Resolution

Enable authentication to prevent anonymous requests from being accepted.
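
The missing block beside its corrected form, as an added example that is not part of the original rule page. It assumes the `azurerm_app_service` resource and Azure Active Directory as the identity provider; all resource names and variables are placeholders.

```terraform
# Constructed example: every name and variable below is a placeholder.
variable "location" { type = string }
variable "resource_group_name" { type = string }
variable "app_service_plan_id" { type = string }
variable "aad_client_id" { type = string }

# Non-compliant: no auth_settings block, so App Service authentication
# is off and anonymous requests reach the application code.
resource "azurerm_app_service" "insecure" {
  name                = "example-app-insecure"
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id
}

# Compliant: auth_settings is present and enabled, and unauthenticated
# callers are redirected to the identity provider.
resource "azurerm_app_service" "secure" {
  name                = "example-app-secure"
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id

  auth_settings {
    enabled          = true
    default_provider = "AzureActiveDirectory"

    # "AllowAnonymous" here would keep the block present but still let
    # unauthenticated requests through to the app.
    unauthenticated_client_action = "RedirectToLoginPage"

    active_directory {
      client_id = var.aad_client_id
    }
  }
}
```

When reviewing a plan, check both that `auth_settings` exists and that `enabled` is `true`; a block with `enabled = false` leaves the app as open as having no block at all.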