SYM_CONF_0099 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Authentication
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-287: Improper Authentication |
| OWASP | A02:2017 - Broken Authentication |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The App Service is not configured with a managed identity in its Terraform resource definition. Without this, the app may need to use hardcoded credentials to access other Azure services, which is insecure.
Impact
If a managed identity is not set, the app may store or transmit sensitive credentials, increasing the risk of credential leakage or misuse. Attackers could exploit these exposed secrets to gain unauthorized access to resources or escalate privileges within your Azure environment.
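
The flagged configuration beside a corrected one, as an added example that is not part of the rule's own page. It assumes the azurerm provider's `azurerm_linux_web_app` resource (provider 3.x or later); all resource names, the `STORAGE_KEY` setting and `var.storage_account_id` are hypothetical.

```hcl
# Added example; resource names and var.storage_account_id are hypothetical.
variable "storage_account_id" { type = string }
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-example"
  location = "westeurope"
}

resource "azurerm_service_plan" "example" {
  name                = "plan-example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  os_type             = "Linux"
  sku_name            = "B1"
}

# Flagged: no identity block, so the app authenticates with a stored secret.
resource "azurerm_linux_web_app" "flagged" {
  name                = "app-example-flagged"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  service_plan_id     = azurerm_service_plan.example.id
  site_config {}
  app_settings = {
    STORAGE_KEY = "<placeholder-account-key>" # hardcoded credential
  }
}

# Corrected: system-assigned managed identity, no secret in the configuration.
resource "azurerm_linux_web_app" "fixed" {
  name                = "app-example-fixed"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  service_plan_id     = azurerm_service_plan.example.id
  site_config {}
  identity {
    type = "SystemAssigned"
  }
}

# Grant the identity only the role it needs, scoped to the target resource.
resource "azurerm_role_assignment" "app_reads_blobs" {
  scope                = var.storage_account_id
  role_definition_name = "Storage Blob Data Reader"
  principal_id         = azurerm_linux_web_app.fixed.identity[0].principal_id
}
```

The role assignment is what replaces the stored key: access is granted to the app's identity in Azure RBAC rather than to whoever holds a secret.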