SYM_CONF_0087 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure App Service resource is not configured to require client certificates, so clients can connect to the app without presenting a certificate that proves their identity. This weakens authentication and allows unauthenticated connections.
Impact
Without client certificate enforcement, attackers or unauthorized users could connect to the app, potentially exposing sensitive data or services to unauthorized access. This increases the risk of data breaches and unauthorized actions within your application.
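
One way to check for this setting before deployment, as an added example that is not part of the original page or of the Symbiotic rule itself. It assumes the app is defined in an ARM template, where `Microsoft.Web/sites` resources carry the `clientCertEnabled` and `clientCertMode` properties; the sample template, the function names, and treating an absent `clientCertMode` as `Required` are assumptions of this example.

```python
import json

# Constructed sample ARM template (not from the page): one site with no
# client-certificate setting, one that requires certificates, one that only
# accepts them optionally, and one unrelated resource.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Web/sites", "name": "app-no-cert",
     "properties": {"httpsOnly": true}},
    {"type": "Microsoft.Web/sites", "name": "app-required",
     "properties": {"clientCertEnabled": true, "clientCertMode": "Required"}},
    {"type": "Microsoft.Web/sites", "name": "app-optional",
     "properties": {"clientCertEnabled": true, "clientCertMode": "Optional"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "unrelated",
     "properties": {}}
  ]
}
""")


def _walk(resources):
    """Yield every resource, including nested child resources."""
    for res in resources:
        yield res
        yield from _walk(res.get("resources", []))


def find_sites_without_client_cert(template):
    """Return (name, reason) for each App Service site that does not
    require a client certificate on incoming connections."""
    findings = []
    for res in _walk(template.get("resources", [])):
        if res.get("type", "").lower() != "microsoft.web/sites":
            continue
        props = res.get("properties") or {}
        name = res.get("name", "<unnamed>")
        # Anything other than a literal true (missing, false, or a template
        # expression string) is reported so it can be reviewed.
        if props.get("clientCertEnabled") is not True:
            findings.append((name, "clientCertEnabled is not true"))
        # Assumption: an absent clientCertMode is treated as "Required".
        elif props.get("clientCertMode", "Required") != "Required":
            findings.append((name, "clientCertMode is %s" % props["clientCertMode"]))
    return findings


if __name__ == "__main__":
    for site, reason in find_sites_without_client_cert(SAMPLE_TEMPLATE):
        print(f"{site}: {reason}")
```
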