Password authentication should be disabled on virtual machines

Severity	Exploitability	Providers	Categories
HIGH	MEDIUM	Azure	PERMISSION

Description

Password authentication on Azure virtual machines exposes them to many password-based attacks, such as brute force or word list attack.

A more secure authentication method should be used. The recommended one is SSH keys.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	True	False	False

Virtual machines may be exposed with all their contents.

Remediation guidelines

Configure your VMs to use SSH keys, then disable password authentication. A log review can be useful to verify the virtual machine has not been exposed.

References

Microsoft: Eliminate Password-Based Attacks on Azure Linux VMs

Password authentication should be disabled on virtual machines

Description

Impact

Remediation guidelines

References

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Password authentication should be disabled on virtual machines

Description​

Impact​

Remediation guidelines​

References​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

Impact

Remediation guidelines

References