TF 0482 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Web App has registration with AD enabled

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | low |
| Service | appservice |
| Provider | Azure |

Description

The application service is not registered with Azure Active Directory (AD), so it lacks an assigned managed identity. Without this, the service cannot securely authenticate to other Azure resources without embedding credentials in code.

Impact

Failure to assign an identity forces the use of less secure authentication methods, such as hardcoded usernames and passwords, increasing the risk of credential leaks and unauthorized access to other Azure services.

Resolution

Register the app identity with AD