Storage account should disallow insecure transfers
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | MEDIUM | Azure | NETWORK |
Description
The current storage account settings accept connections using HTTP or HTTPS.
Because of its lack of encryption, HTTP is not a secure protocol, and connection attempts to the storage account that use it should be rejected.
HTTPS connections must be enforced; this is the default setting.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Interception of data due to an insecure transfer.
Remediation guidelines
Enforce the HTTPS protocol in your storage account settings.
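
One way to check this setting before deployment is to audit an ARM template, shown here as an added example that is not part of the original rule page. The property name `supportsHttpsTrafficOnly` and its default of true since API version 2019-04-01 come from Azure's resource schema rather than from this page; the sample template and account names are constructed.

```python
import json

STORAGE_TYPE = "microsoft.storage/storageaccounts"
# Azure's ARM schema documents supportsHttpsTrafficOnly as defaulting to true
# since API version 2019-04-01; omitting it on an older version cannot be
# relied on to enforce HTTPS.
DEFAULT_TRUE_SINCE = "2019-04-01"

def https_only_findings(template):
    """Return (account name, reason) for accounts that may accept HTTP.

    Assumption: only top-level resources are inspected, not nested deployments.
    """
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != STORAGE_TYPE:
            continue
        name = res.get("name", "<unnamed>")
        api = res.get("apiVersion", "")
        value = res.get("properties", {}).get("supportsHttpsTrafficOnly")
        if value is False:
            findings.append((name, "supportsHttpsTrafficOnly is false"))
        elif value is None and (not api or api[:10] < DEFAULT_TRUE_SINCE):
            findings.append((name, "property omitted; apiVersion missing or older than 2019-04-01"))
        elif isinstance(value, str):
            # e.g. "[parameters('httpsOnly')]": cannot be decided statically
            findings.append((name, "value is a template expression; review the parameter"))
    return findings

# Constructed sample template (account names are made up).
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01",
   "name": "explicitok", "properties": {"supportsHttpsTrafficOnly": true}},
  {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01",
   "name": "httpallowed", "properties": {"supportsHttpsTrafficOnly": false}},
  {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2018-07-01",
   "name": "legacydefault", "properties": {}},
  {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01",
   "name": "newdefault", "properties": {}},
  {"type": "Microsoft.Network/virtualNetworks", "apiVersion": "2022-09-01",
   "name": "vnet1", "properties": {}}
]}
""")

if __name__ == "__main__":
    for name, reason in https_only_findings(SAMPLE_TEMPLATE):
        print(f"{name}: {reason}")
```

For an account that is already deployed, `az storage account update --name <account> --resource-group <group> --https-only true` applies the same setting.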