SYM_CONF_0101 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The App Service is not configured with a managed identity, so it lacks a secure way to authenticate with other Azure services. This can lead to insecure credential management or unauthorized access.
Impact
Without a managed identity, the app may require hardcoded credentials or less secure authentication methods, increasing the risk of credential leaks or unauthorized access to sensitive Azure resources. Attackers could exploit this to gain elevated permissions or access confidential data.
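A check for this condition over an ARM template, as an added example (not the rule's own implementation). It assumes the App Service is declared as a `Microsoft.Web/sites` resource with the ARM `identity` block; the template and the function names are constructed for illustration.

```python
# Added example: flag App Service resources in an ARM template that have no
# managed identity. SAMPLE_TEMPLATE is constructed sample input.

SAMPLE_TEMPLATE = {
    "resources": [
        {"type": "Microsoft.Web/sites", "name": "app-no-identity"},
        {"type": "Microsoft.Web/sites", "name": "app-none",
         "identity": {"type": "None"}},
        {"type": "Microsoft.Web/sites", "name": "app-system",
         "identity": {"type": "SystemAssigned"}},
        {"type": "Microsoft.Web/sites", "name": "app-user-empty",
         "identity": {"type": "UserAssigned", "userAssignedIdentities": {}}},
        {"type": "Microsoft.Storage/storageAccounts", "name": "stor1"},
    ]
}


def has_managed_identity(resource):
    """True if the resource declares a usable system- or user-assigned identity."""
    identity = resource.get("identity") or {}
    # ARM allows combined values such as "SystemAssigned, UserAssigned".
    kinds = {k.strip().lower() for k in str(identity.get("type", "")).split(",")}
    if "systemassigned" in kinds:
        return True
    # A user-assigned identity only counts if at least one is actually attached.
    return "userassigned" in kinds and bool(identity.get("userAssignedIdentities"))


def iter_resources(resources):
    """Yield every resource, including nested child resources."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))


def sites_without_identity(template):
    """Return names of Microsoft.Web/sites resources lacking a managed identity."""
    return [
        res.get("name", "<unnamed>")
        for res in iter_resources(template.get("resources"))
        if str(res.get("type", "")).lower() == "microsoft.web/sites"
        and not has_managed_identity(res)
    ]


if __name__ == "__main__":
    for name in sites_without_identity(SAMPLE_TEMPLATE):
        print(f"no managed identity: {name}")
```

Deployment slots and other resource types that can carry an identity are outside the scope of this check.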