TF 0312 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Web App uses latest TLS version

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | high |
| Service | appservice |
| Provider | Azure |
| Vulnerability Type | misconfiguration |

Description

The App Service is configured to allow outdated TLS versions (such as TLS 1.0 or 1.1), which have known security vulnerabilities. This exposes encrypted communications to potential interception or tampering.

Impact

Attackers could exploit weaknesses in older TLS protocols to decrypt sensitive data, perform man-in-the-middle attacks, or compromise user authentication, resulting in data breaches or unauthorized access to the application.

Resolution

The configured TLS version is outdated and has known vulnerabilities. Configure the App Service to use the latest TLS version.
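The misconfiguration and its fix side by side, as an added example that is not taken from the Symbiotic database or this rule's own test cases. It assumes the `azurerm_linux_web_app` resource from the azurerm provider; all resource names, the location and the SKU are constructed placeholders.

```terraform
# Constructed example: names, location and SKU are placeholders.
resource "azurerm_resource_group" "example" {
  name     = "rg-example"
  location = "West Europe"
}

resource "azurerm_service_plan" "example" {
  name                = "plan-example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  os_type             = "Linux"
  sku_name            = "B1"
}

# Weak: the app still negotiates TLS 1.0 and 1.1 with clients.
resource "azurerm_linux_web_app" "weak" {
  name                = "app-example-weak"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id

  site_config {
    minimum_tls_version = "1.0"
  }
}

# Corrected: TLS 1.2 is the floor for both the application endpoint
# and the SCM (deployment) endpoint, which has its own setting.
resource "azurerm_linux_web_app" "hardened" {
  name                = "app-example-hardened"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id

  site_config {
    minimum_tls_version     = "1.2"
    scm_minimum_tls_version = "1.2"
  }
}

# On the legacy azurerm_app_service resource the equivalent attribute
# inside site_config is named min_tls_version.
```

Setting the value explicitly, rather than relying on the provider default, keeps the floor visible in code review and stable across provider upgrades.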