SYM_CONF_0116 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Authentication
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-287: Improper Authentication |
OWASP | A02:2017 - Broken Authentication |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The Azure Function App is deployed without authentication enabled in its 'auth_settings' configuration. Callers can therefore reach the app without proving their identity, which leaves its endpoints unprotected.
Impact
Without authentication, anyone can invoke the function app’s endpoints, potentially exposing sensitive operations or data to unauthorized users. Attackers could exploit this to gain access, manipulate data, or abuse backend services, leading to data breaches or service misuse.