Ensure that all your Microsoft Azure Redis Cache servers are using the latest available version of TLS encryption protocol in order to enhance the security of the SSL/TLS connection between the cache servers and their web applications, and comply with the industry standards.
PoC代码[已公开]
id: azure-redis-tls-version-outdated
info:
name: Azure Redis Cache TLS Version Not Latest
author: princechaddha
severity: medium
description: |
Ensure that all your Microsoft Azure Redis Cache servers are using the latest available version of TLS encryption protocol in order to enhance the security of the SSL/TLS connection between the cache servers and their web applications, and comply with the industry standards.
impact: |
Using an outdated version of TLS can reduce the security level of communications between clients and servers, potentially exposing data to interception or manipulation.
remediation: |
Upgrade the TLS version of your Azure Redis Cache servers to the latest version supported by Microsoft Azure to enhance security and compliance with industry standards.
reference:
- https://docs.microsoft.com/en-us/azure/redis-cache/
tags: cloud,devops,azure,microsoft,redis,azure-cloud-config
flow: |
code(1);
for (let RedisData of iterate(template.redisIdList)) {
set("name", RedisData);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az redis list --query '[*].{"id":id}'
extractors:
- type: json
name: redisIdList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az redis show --ids "$name" --query '{"MinimumTLSVersion":minimumTlsVersion}'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '1.0'
- '1.1'
negative: true
- type: word
part: body
words:
- '.'
extractors:
- type: dsl
dsl:
- 'name + " is using outdated TLS version"'
# digest: 4b0a00483046022100ae3d6dbc8c5fe133c85f11277eb81e846edba86454f050572d88eddaa27a7e70022100b132e3241b5e4e8e4c739a709ed340cff8b8b7ae251d4e5a5b352219083debd9:922c64590222798bb761d5b6d8e72950