TF 0151 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
App Service authentication is activated
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| Service | appservice |
| Provider | Azure |
| Vulnerability Type | omission |
Description
The App Service is deployed without authentication enabled, allowing unauthenticated users to access the application. The missing 'auth_settings' block in the Terraform configuration leaves the app open to anonymous requests.
Impact
Without authentication, anyone can send requests to the application, potentially exposing sensitive data or functionality to unauthorized users. This increases the risk of data breaches, account compromise, and abuse of application resources.
Resolution
Enable authentication to prevent anonymous request being accepted