Redis Cache Allows Non SSL Connections

  • Query id: 869e7fb4-30f0-4bdb-b360-ad548f337f2f
  • Query name: Redis Cache Allows Non SSL Connections
  • Platform: Ansible
  • Severity: Medium
  • Category: Insecure Configurations
  • URL: Github

Description

Redis Cache resources should not allow non-SSL connections
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file
- name: Non SSl Allowed
  azure_rm_rediscache:
      resource_group: myResourceGroup
      name: myRedis
      enable_non_ssl_port: yes

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Non SSl Disallowed
  azure_rm_rediscache:
    resource_group: myResourceGroup
    name: myRedis
    enable_non_ssl_port: no
- name: Non SSl Undefined
  azure_rm_rediscache:
    resource_group: myResourceGroup
    name: myRedis