App Service allows FTP deployments Affecting App Service (Web Apps) service in Azure
Severity Framework
Snyk CCSS
Rule category
Data / Encryption in Transit
Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Azure
CIS-Controls
CSA-CCM
- Snyk ID SNYK-CC-00498
- credit Snyk Research Team
Description
FTP is a plain-text protocol that is vulnerable to manipulation and eavesdropping.
How to fix?
Set ftpsState to FtpsOnly or Disabled if not needed.