SYM_CONF_0095 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Authentication
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-287: Improper Authentication |
| OWASP | A02:2017 - Broken Authentication |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The application’s Azure App Service is deployed without authentication enabled in the 'auth_settings' block. This means users can access the app without verifying their identity, leaving it open to unauthorized access.
Impact
Without authentication, anyone can interact with your application, potentially exposing sensitive data or critical functions to attackers. This could lead to data breaches, unauthorized changes, or abuse of your cloud resources, putting your organization at significant risk.
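
The configuration described above, shown as an added Terraform example (not taken from the rule or the project). It assumes the `azurerm_app_service` resource and Azure Active Directory as the identity provider; all resource names and variables are hypothetical.

```hcl
# Constructed example; every name and variable below is hypothetical.
variable "location" { type = string }
variable "resource_group_name" { type = string }
variable "app_service_plan_id" { type = string }
variable "aad_client_id" { type = string }
variable "aad_client_secret" {
  type      = string
  sensitive = true
}

# Weak: no auth_settings block at all, so App Service authentication stays off
# and every request reaches the application code unauthenticated.
resource "azurerm_app_service" "weak_missing_block" {
  name                = "example-app-noauth"
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id
}

# Weak: the block is present but authentication is explicitly disabled.
resource "azurerm_app_service" "weak_disabled" {
  name                = "example-app-authoff"
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id

  auth_settings {
    enabled = false
  }
}

# Corrected: authentication enabled, and anonymous requests are sent to the
# login page instead of being passed through to the app.
resource "azurerm_app_service" "hardened" {
  name                = "example-app-auth"
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id

  auth_settings {
    enabled                       = true
    default_provider              = "AzureActiveDirectory"
    unauthenticated_client_action = "RedirectToLoginPage"

    active_directory {
      client_id     = var.aad_client_id
      client_secret = var.aad_client_secret
    }
  }
}
```

Setting `enabled = true` while leaving `unauthenticated_client_action` at `AllowAnonymous` still lets unauthenticated requests through, so review both values together.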