SYM_CONF_0108 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Not Using Password Aging
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-262: Not Using Password Aging |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code defines Azure Key Vault secrets without specifying an expiration date. This means secrets may remain valid indefinitely, increasing the risk if they are ever leaked or compromised.
Impact
Without an expiration date, old or unused secrets might stay active, making it easier for attackers to exploit stale credentials. This can lead to unauthorized access to sensitive resources and increase the organization's overall security exposure.