Password authentication should be disabled on virtual machines
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | MEDIUM | Azure | PERMISSION |
Description
Password authentication on Azure virtual machines exposes them to many password-based attacks, such as brute-force or word-list attacks.
A more secure authentication method should be used. The recommended one is SSH keys.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | True | False | False |
Virtual machines may be exposed with all their contents.
Remediation guidelines
Configure your VMs to use SSH keys, then disable password authentication. A log review can be useful to verify the virtual machine has not been exposed.
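
One way to find the affected VMs before remediating is sketched below. It is an added example, not part of the original finding or of any vendor tooling. It assumes the input is JSON in the shape printed by `az vm list -o json`; the sample records and the status names are constructed for illustration.

```python
import json

# Constructed sample shaped like `az vm list -o json` output (not real resources).
SAMPLE_VMS = json.loads("""
[
  {"name": "web-01", "resourceGroup": "rg-demo",
   "osProfile": {"linuxConfiguration": {"disablePasswordAuthentication": false}}},
  {"name": "web-02", "resourceGroup": "rg-demo",
   "osProfile": {"linuxConfiguration": {"disablePasswordAuthentication": true,
     "ssh": {"publicKeys": [{"path": "/home/azureuser/.ssh/authorized_keys",
                             "keyData": "ssh-ed25519 AAAA...constructed"}]}}}},
  {"name": "db-01", "resourceGroup": "rg-demo",
   "osProfile": {"linuxConfiguration": {}}},
  {"name": "win-01", "resourceGroup": "rg-demo",
   "osProfile": {"windowsConfiguration": {"provisionVMAgent": true}}},
  {"name": "restored-01", "resourceGroup": "rg-demo", "osProfile": null}
]
""")

def classify(vm):
    """Return 'password-enabled', 'keys-only', 'not-linux' or 'unknown' for one VM."""
    os_profile = vm.get("osProfile") or {}
    linux = os_profile.get("linuxConfiguration")
    if linux is None:
        if os_profile.get("windowsConfiguration") is not None:
            return "not-linux"  # the Linux SSH flag does not apply here
        # No osProfile at all (for example a VM built from an existing OS disk):
        # the resource record cannot answer, so sshd_config must be checked in the guest.
        return "unknown"
    if linux.get("disablePasswordAuthentication") is True:
        return "keys-only"
    # Audit choice made for this example: a false OR missing flag is a finding.
    return "password-enabled"

def audit(vms):
    """Group VMs by status so findings and blind spots are both reported."""
    report = {}
    for vm in vms:
        report.setdefault(classify(vm), []).append(f'{vm["resourceGroup"]}/{vm["name"]}')
    return report

if __name__ == "__main__":
    for status, names in sorted(audit(SAMPLE_VMS).items()):
        print(f"{status}: {', '.join(names)}")
```

VMs reported as `unknown` are not cleared by this check; their SSH daemon configuration has to be inspected on the machine itself.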