Not setting deny as a default rule for a storage account's network access can lead to data leaks
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | Azure | NETWORK |
Description
By setting the default network access rule to `allow`, you leave your storage account exposed to unwanted connections. This could allow attackers to brute-force access to your storage account, or to access it freely if credentials leak.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | True | False | False |
- Data leak.
- Data tampering.
Remediation
- Set the default access to `deny`.
- Identify which Azure Virtual Networks should have access to your storage, and allow them.
- Identify which ranges of IP addresses should have access to your storage, and allow them.
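One way to check these steps across accounts, as an added example that is not part of the original rule page: it reads storage account resources in the ARM `properties.networkAcls` shape and flags any account whose default action is not `Deny` or whose allow rules fall outside an approved list. The account names, subnet IDs, addresses and approved lists are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like Microsoft.Storage/storageAccounts resources
# (properties.networkAcls); every name, ID and address below is made up.
SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-net"
          "/providers/Microsoft.Network/virtualNetworks/vnet-prod/subnets/")
SAMPLE_ACCOUNTS = [
    {"name": "stappdata", "properties": {"networkAcls": {
        "defaultAction": "Deny",
        "ipRules": [{"value": "203.0.113.0/28", "action": "Allow"}],
        "virtualNetworkRules": [{"id": SUBNET + "app"}]}}},
    {"name": "stlegacy", "properties": {}},  # no networkAcls block at all
    {"name": "stexports", "properties": {"networkAcls": {
        "defaultAction": "Deny",
        "ipRules": [{"value": "198.51.100.7", "action": "Allow"}],
        "virtualNetworkRules": [{"id": SUBNET + "build"}]}}},
]
APPROVED_RANGES = ["203.0.113.0/24"]   # assumed allowlist agreed with owners
APPROVED_SUBNETS = [SUBNET + "app"]


def audit_account(account, approved_ranges, approved_subnets):
    """Return the findings for one storage account resource."""
    acls = account.get("properties", {}).get("networkAcls") or {}
    findings = []
    # An absent defaultAction behaves as Allow, so only an explicit Deny passes.
    if str(acls.get("defaultAction", "Allow")).lower() != "deny":
        findings.append("default network action is not Deny")
    approved = [ipaddress.ip_network(r) for r in approved_ranges]
    for rule in acls.get("ipRules") or []:
        net = ipaddress.ip_network(rule["value"], strict=False)
        if not any(a.version == net.version and net.subnet_of(a) for a in approved):
            findings.append(f"unapproved IP range: {rule['value']}")
    allowed_ids = {s.lower() for s in approved_subnets}  # ARM IDs are case-insensitive
    for rule in acls.get("virtualNetworkRules") or []:
        if rule["id"].lower() not in allowed_ids:
            findings.append(f"unapproved subnet: {rule['id']}")
    return findings


def audit_all(accounts, approved_ranges, approved_subnets):
    """Map account name -> findings, keeping only accounts that have any."""
    report = {a["name"]: audit_account(a, approved_ranges, approved_subnets)
              for a in accounts}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ACCOUNTS, APPROVED_RANGES, APPROVED_SUBNETS).items():
        print(name, "->", "; ".join(findings))
```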
References