API Management frontend allows insecure TLS/SSL protocols
Affecting API Management service in Azure
Severity Framework
Snyk CCSS
Rule category
Data / Encryption Protocols
Frameworks
CIS-Controls
CSA-CCM
ISO-27001
NIST-800-53
PCI-DSS
SOC-2
- Snyk ID SNYK-CC-00483
- credit Snyk Research Team
Description
Usage of outdated protocols poses a security risk and can prevent technical support. Using these protocols means your APIs are vulnerable to attack.
How to fix?
Set any Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.* attributes to false.
Example Configuration
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.ApiManagement/service",
      "apiVersion": "2021-08-01",
      "name": "allowed",
      "location": "West Europe",
      "sku": {
        "name": "Standard",
        "capacity": 1
      },
      "properties": {
        "publisherName": "My Company",
        "publisherEmail": "company@terraform.io",
        "customProperties": {
          "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "false",
          "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "false",
          "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "false"
        }
      }
    }
  ]
}
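
Pre-deployment check (an added example, not Snyk's own rule logic): the script below scans an ARM template for API Management services and reports each of the three frontend protocol properties from the configuration above that is not explicitly "false". The function name, the sample service names and the choice to report an absent key as a finding are assumptions of this example.

```python
import json

# Property prefix from the rule text; the suffixes are the three in the page's example.
PREFIX = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols."
LEGACY = ("Ssl30", "Tls10", "Tls11")

# Constructed sample template: one hardened service, one that is not.
SAMPLE = json.dumps({
    "resources": [
        {"type": "Microsoft.ApiManagement/service", "name": "apim-hardened",
         "properties": {"customProperties": {
             PREFIX + "Ssl30": "false",
             PREFIX + "Tls10": "false",
             PREFIX + "Tls11": "false"}}},
        {"type": "Microsoft.ApiManagement/service", "name": "apim-legacy",
         "properties": {"customProperties": {
             PREFIX + "Tls10": "true",
             PREFIX + "Tls11": "False"}}},
        {"type": "Microsoft.Storage/storageAccounts", "name": "ignored"},
    ]
})


def audit_template(template_text):
    """Return (service, protocol, value) for each legacy frontend protocol
    that is not explicitly "false"; value is None when the key is absent."""
    findings = []
    for res in json.loads(template_text).get("resources", []):
        if res.get("type", "").lower() != "microsoft.apimanagement/service":
            continue
        custom = (res.get("properties") or {}).get("customProperties") or {}
        for proto in LEGACY:
            raw = custom.get(PREFIX + proto)
            # Normalise: templates may carry "False", "false" or a JSON boolean.
            value = None if raw is None else str(raw).strip().lower()
            # Assumption: an absent key is reported so the setting is explicit.
            if value != "false":
                findings.append((res.get("name"), proto, value))
    return findings


if __name__ == "__main__":
    for name, proto, value in audit_template(SAMPLE):
        state = "not set" if value is None else "set to " + value
        print(f'{name}: {proto} is {state}; expected "false"')
```

Only top-level resources are inspected, and a value supplied through a template expression is reported as-is because it cannot be resolved offline.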