API Management frontend allows insecure TLS/SSL protocols

Affecting API Management service in Azure


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Data / Encryption Protocols

Frameworks: CIS-Controls, CSA-CCM, ISO-27001, NIST-800-53, PCI-DSS, SOC-2
Snyk ID: SNYK-CC-00483
Credit: Snyk Research Team

Description

Usage of outdated protocols poses a security risk and can prevent technical support. Using these protocols means your APIs are vulnerable to attack.

How to fix?

In the service's customProperties, set any Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.* attributes to "false".

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.ApiManagement/service",
            "apiVersion": "2021-08-01",
            "name": "allowed",
            "location": "West Europe",
            "sku": {
                "name": "Standard",
                "capacity": 1
            },
            "properties": {
                "publisherName": "My Company",
                "publisherEmail": "company@terraform.io",
                "customProperties": {
                    "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "false",
                    "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "false",
                    "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "false"
                }
            }
        }
    ]
}
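
A check for this rule over an ARM template, as an added example that is not Snyk's rule logic or part of the original page: it reports each of the three frontend switches from the configuration above that is enabled or left unset on a Microsoft.ApiManagement/service resource. The function name, the sample resource names and the choice to report unset switches are assumptions.

```python
import json

# Frontend switches from the page's example; backend switches use a
# different prefix (...Security.Backend.Protocols.*) and are ignored here.
PREFIX = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols."
LEGACY = ("Ssl30", "Tls10", "Tls11")

def audit_template(template_text):
    """Return (resource name, protocol, status) for each legacy frontend
    protocol that is not explicitly "false" on an API Management service."""
    findings = []
    for res in json.loads(template_text).get("resources", []):
        if res.get("type", "").lower() != "microsoft.apimanagement/service":
            continue
        custom = (res.get("properties") or {}).get("customProperties") or {}
        for proto in LEGACY:
            if PREFIX + proto not in custom:
                # Assumption: an unset switch is reported so it gets pinned.
                findings.append((res.get("name"), proto, "unset"))
            elif str(custom[PREFIX + proto]).strip().lower() != "false":
                # Covers "true", "True" and a JSON boolean true.
                findings.append((res.get("name"), proto, "enabled"))
    return findings

# Constructed sample template (resource names are made up for this example).
BACKEND = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols."
SAMPLE = json.dumps({"resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "unrelated"},
    {"type": "Microsoft.ApiManagement/service", "name": "legacy-gw",
     "properties": {"customProperties": {
         PREFIX + "Tls10": "True",
         PREFIX + "Tls11": "false",
         BACKEND + "Ssl30": "false",  # backend only: frontend Ssl30 stays unset
     }}},
    {"type": "Microsoft.ApiManagement/service", "name": "hardened-gw",
     "properties": {"customProperties": {PREFIX + p: "false" for p in LEGACY}}},
]})

if __name__ == "__main__":
    for name, proto, status in audit_template(SAMPLE):
        print(f"{name}: frontend {proto} is {status}")
```

The check reads only top-level resources; nested deployments and values supplied through template parameters are outside what it covers.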