Homepage

API Management frontend allows insecure TLS/SSL protocols Affecting API Management service in Azure

Severity

0.0
medium
0
10
Severity Framework
Snyk CCSS
Rule category
Data/ Encryption Protocols

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
Frameworks
CIS-ControlsCSA-CCMISO-27001NIST-800-53PCI-DSSSOC-2
  • Snyk IDSNYK-CC-00483
  • creditSnyk Research Team
Report a new misconfiguration Found a mistake?

Description

Usage of outdated protocols poses a security risk and can prevent technical support. Using these protocols means your APIs are vulnerable to attack.

How to fix?

Set any Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.* attributes to false.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.ApiManagement/service",
            "apiVersion": "2021-08-01",
            "name": "allowed",
            "location": "West Europe",
            "sku": {
                "name": "Standard",
                "capacity": 1
            },
            "properties": {
                "publisherName": "My Company",
                "publisherEmail": "company@terraform.io",
                "customProperties": {
                    "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "false",
                    "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "false",
                    "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "false"
                }
            }
        }
    ]
}