Ensure that the expiration date is set on all secrets
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-262: Not Using Password Aging
keyvault-purge-enabled
Key vault should have purge protection enabled
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-693: Protection Mechanism Failure
keyvault-specify-network-acl
Network ACLs allow you to reduce your exposure to risk by limiting what can access your key vault. The default action of the network ACL should be set to deny, so that requests from IPs that are not matched are rejected. Azure services can be allowed to bypass the ACL.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
keyvault-ensure-key-expires
Ensure that the expiration date is set on all keys
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-262: Not Using Password Aging