App Service allows FTP deployments AffectingApp Service (Web Apps) service inAzure

Severity

0.0

high

Severity Framework

Snyk CCSS

Rule category

Data/ Encryption in Transit

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-AzureCIS-ControlsCSA-CCM

Snyk IDSNYK-CC-00498
creditSnyk Research Team

Report a new misconfiguration Found a mistake?

Description

FTP is a plain-text protocol that is vulnerable to manipulation and eavesdropping.

How to fix?

SetftpsState toFtpsOnly orDisabled if not needed.

Setsite_config.ftps_state toFtpsOnly orDisabled.

Example configuration:

resource "azurerm_app_service" "allowed1" {  name                = "example-app-servicea1"  location            = azurerm_resource_group.example498v.location  resource_group_name = azurerm_resource_group.example498v.name  app_service_plan_id = azurerm_app_service_plan.example498v.id  site_config {    ftps_state = "FtpsOnly"  }}

Terraform

azurerm_app_service

References

Deploy your app to Azure App Service using FTP/S