TF 0281 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
RDP access should not be accessible from the Internet, should be blocked on port 3389
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| Service | network |
| Provider | Azure |
| Vulnerability Type | misconfiguration |
Description
The network security group allows inbound RDP (port 3389) access from any IP address, effectively exposing RDP services directly to the public internet. This configuration makes it possible for anyone to attempt remote desktop connections to the resource.
Impact
Exposing RDP to the internet significantly increases the risk of unauthorized access, brute-force attacks, and potential system compromise. An attacker could gain remote control over affected virtual machines, leading to data theft, service disruption, or further attacks within the cloud environment.
Resolution
Block RDP port from internet