Storage account should disallow insecure transfers
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | MEDIUM | Azure | NETWORK |
Description
The current storage account settings accept connections using HTTP or HTTPS.
Because of its lack of encryption, HTTP is not a secure protocol, and connection attempts to the storage account that use it should be rejected.
HTTPS connection must be enforced, which is the default setting.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | False | False | False |
Interception of data due to an insecure transfer.
Remediation guidelines
Enforce the HTTPS protocol in your storage account settings.
References
Was this page helpful?
