SYM_CONF_0051 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The Azure Cache for Redis resource is configured with public network access enabled, allowing anyone on the internet to reach the cache instance. This exposes sensitive data and services to unauthorized users.
Impact
If public network access is not disabled, attackers could connect to the Redis cache from outside the organization, potentially leading to data leaks, tampering, or disruption of application services. This increases the risk of unauthorized access and breaches.
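An added example, not part of the Symbiotic rule or its tooling: a static check for the condition described above, assuming the cache is declared in an ARM template as a `Microsoft.Cache/redis` resource with the `publicNetworkAccess` property (the page does not name an IaC format). The template and cache names are constructed sample data; the check also reports caches that omit the property, because the service default is `Enabled`.

```python
import json

REDIS_TYPE = "microsoft.cache/redis"  # ARM resource types are case-insensitive

# Constructed sample ARM template (not from the page).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Cache/redis", "name": "cache-public",
     "properties": {"publicNetworkAccess": "Enabled"}},
    {"type": "Microsoft.Cache/redis", "name": "cache-default",
     "properties": {"sku": {"name": "Standard"}}},
    {"type": "Microsoft.Cache/Redis", "name": "cache-private",
     "properties": {"publicNetworkAccess": "Disabled"}},
    {"type": "Microsoft.Resources/deployments", "name": "nested",
     "properties": {"template": {"resources": [
       {"type": "Microsoft.Cache/redis", "name": "cache-nested",
        "properties": {"publicNetworkAccess": "[parameters('pna')]"}}
     ]}}}
  ]
}
""")

def iter_resources(resources):
    """Yield every resource, descending into child resources and nested deployments."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))
        nested = res.get("properties", {}).get("template", {})
        if isinstance(nested, dict):
            yield from iter_resources(nested.get("resources"))

def find_public_redis(template):
    """Return (name, reason) for each cache not provably closed to public networks."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != REDIS_TYPE:
            continue
        value = res.get("properties", {}).get("publicNetworkAccess")
        if value is None:
            reason = "unset (service default is Enabled)"
        elif str(value).lower() == "disabled":
            continue  # private endpoints are the only access path
        elif str(value).startswith("["):
            reason = "template expression, resolve before deploy: " + str(value)
        else:
            reason = "explicitly " + str(value)
        findings.append((res.get("name"), reason))
    return findings
```

Calling `find_public_redis(SAMPLE_TEMPLATE)` reports three of the four sample caches; only `cache-private` passes.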