Property
Language: terraform
Severity: critical
Service: storage
Provider: Azure
Vulnerability Type: misconfiguration

Description

The storage account is configured to allow outdated TLS versions (TLS 1.0 or 1.1), which have known security flaws. This setting does not enforce the use of TLS 1.2, leaving data transmissions vulnerable to insecure protocols.

Impact

Allowing older TLS versions exposes the storage account to risks such as data interception, man-in-the-middle attacks, and potential compromise of sensitive information. Attackers could exploit these weaknesses to decrypt or tamper with data in transit, threatening both data confidentiality and integrity.

Resolution

Use a more recent TLS policy for the storage account: enforce TLS 1.2 as the minimum version.
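The misconfiguration described above next to its corrected form, as an added example that is not part of the original page. It assumes the `azurerm` provider's `azurerm_storage_account` resource and its `min_tls_version` attribute; all resource names, the location and the tier settings are constructed placeholders.

```terraform
# Added example: names, location and tiers below are constructed placeholders.
resource "azurerm_resource_group" "example" {
  name     = "rg-tls-example"
  location = "westeurope"
}

# Flagged: the account accepts TLS 1.0 connections.
# "TLS1_1" is flagged for the same reason.
resource "azurerm_storage_account" "legacy_tls" {
  name                     = "examplelegacytls01"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  min_tls_version = "TLS1_0"
}

# Corrected: connections below TLS 1.2 are refused by the storage account.
resource "azurerm_storage_account" "tls12_only" {
  name                     = "exampletls12only01"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  min_tls_version = "TLS1_2"
}
```

Setting `min_tls_version` explicitly keeps the result independent of whatever default the installed provider version applies.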