TF 0424 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Storage accounts should be configured to only accept transfers that are over secure connections
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| Service | storage |
| Provider | Azure |
| Vulnerability Type | misconfiguration |
Description
The storage account allows data transfers over insecure connections (HTTP), rather than enforcing secure transfers (HTTPS only). This misconfiguration exposes data in transit to potential interception or tampering.
Impact
If exploited, attackers could intercept or manipulate sensitive data transmitted to or from the storage account over unencrypted connections, leading to data breaches, unauthorized data access, or loss of data integrity.
Resolution
Only allow secure connection for transferring data into storage accounts