Storage accounts should be configured to only accept transfers that are over secure connections
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | storage |
| Provider | Azure |
| Vulnerability Type | misconfiguration |
Description#
The storage account allows data transfers over insecure connections (HTTP), rather than enforcing secure transfers (HTTPS only). This misconfiguration exposes data in transit to potential interception or tampering.
Impact#
If exploited, attackers could intercept or manipulate sensitive data transmitted to or from the storage account over unencrypted connections, leading to data breaches, unauthorized data access, or loss of data integrity.
Resolution#
Only allow secure connection for transferring data into storage accounts