Virtual machine is configured with password authentication for admin Affecting Compute service in Azure

Severity Framework Snyk CCSS

Rule category Keys and Secrets / Access

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls

Snyk ID SNYK-CC-00509
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

The secret value will be readable to anyone with access to the version control system, which can lead to unauthorized data disclosure or privilege escalation.

How to fix?

Set properties.osProfile.linuxConfiguration.ssh attribute instead of password authentication.

Terraform

Resource: azurerm_linux_virtual_machine
Resource: azurerm_virtual_machine

References

Quick steps: Create and use an SSH public-private key pair for Linux VMs in Azure