Azure Cache for Redis

Insecure TLS Version Supported

Risk Level: Medium

Description

This module ensures that Azure Cache for Redis is using the latest TLS version. TLS versions 1.0 and 1.1 are known to be vulnerable to attacks and to have other Common Vulnerabilities and Exposures (CVE) weaknesses. As a result, there is an industry-wide push toward the exclusive use of Transport Layer Security (TLS) 1.2 or later.

About the Service

Azure Cache for Redis:

Azure Cache for Redis is a fully managed, in-memory cache that enables high-performance and scalable architectures. Use it to create cloud or hybrid deployments that handle millions of requests per second at sub-millisecond latency—all with the configuration, security, and availability benefits of a managed service.

Impact

The Transport Layer Security (TLS) protocol is designed to provide privacy and data security for communications over different kinds of networks, including the Internet. TLS versions 1.0 and 1.1 are known to be susceptible to certain Common Vulnerabilities and Exposures (CVE) weaknesses and to attacks such as POODLE and BEAST. These two TLS protocol versions do not support the modern encryption methods and cipher suites recommended by the Payment Card Industry (PCI) compliance standards. To follow cloud security best practices and PCI security compliance standards, Cloud Conformity strongly recommends enabling the latest version of the TLS protocol (for example, TLS version 1.2) for all Microsoft Azure Redis Cache servers that use in-transit encryption.

Steps to Reproduce

To determine whether Azure Redis Cache servers are configured to use the latest TLS version, follow the steps given below:


Using Azure Console:

  1. First, sign in to the Azure Management Console with your registered organization email address.
  2. Under Azure Services, choose Subscriptions.
  3. A new Subscription page will open. Choose the subscription for which the issue has to be examined.
  4. Under the All Services option, select the Azure Cache for Redis nav link.
  5. A list of all Azure Cache for Redis instances will be shown. Choose the name of the Redis Cache server that you want to examine.
  6. In the navigation panel, under Settings, choose Advanced Settings. A new page with details of the selected cache for Redis will appear.
  7. On the Advanced settings page, check the Minimum TLS Version configuration setting. If the value is set to 1.0 or 1.1, the selected Azure Redis Cache server is not set to the latest available TLS version (1.2).
  8. Repeat the steps above for the other Redis Cache servers in the current subscription, as well as in the other subscriptions in your Azure Cloud.

Steps for Remediation

To reconfigure Azure Redis Cache servers to use the latest TLS version (1.2), follow the steps given below:


Using Azure Console:

  1. First, sign in to the Azure Management Console with your registered organization email address.
  2. Under Azure Services, choose Subscriptions.
  3. A new Subscription page will open. Choose the subscription for which the issue has to be examined.
  4. Under the All Services option, select the Azure Cache for Redis nav link.
  5. A list of all Azure Cache for Redis instances will be shown. Choose the name of the Redis Cache server that you want to examine.
  6. In the navigation panel, under Settings, choose Advanced Settings. A new page with details of the selected cache for Redis will appear.
  7. On the Advanced settings page, check the Minimum TLS Version configuration setting. If the value is set to 1.0 or 1.1, the selected Azure Redis Cache server is not set to the latest available TLS version (1.2).
  8. In the dropdown list, select version 1.2 as the Minimum TLS version.
  9. Click the Save button to save your current settings.
  10. Repeat the steps above for the other Redis Cache servers in the current subscription, as well as in the other subscriptions in your Azure Cloud.
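The console checks in "Steps to Reproduce" and "Steps for Remediation" can also be scripted for a whole subscription. The following is an added example, not PingSafe's own code: it audits the JSON produced by `az redis list -o json` and builds the matching `az redis update` call for each non-compliant cache. The cache names and resource groups are constructed sample data, and treating an unset Minimum TLS Version as non-compliant is an assumption.

```python
import json
import shlex

REQUIRED = (1, 2)  # minimum acceptable TLS version per this page

# Constructed sample shaped like `az redis list -o json` output (not real caches).
SAMPLE_JSON = """
[
  {"name": "cache-orders",  "resourceGroup": "rg-prod", "minimumTlsVersion": "1.2"},
  {"name": "cache-session", "resourceGroup": "rg-prod", "minimumTlsVersion": "1.0"},
  {"name": "cache-legacy",  "resourceGroup": "rg-dev",  "minimumTlsVersion": null},
  {"name": "cache-reports", "resourceGroup": "rg-dev",  "minimumTlsVersion": "1.1"}
]
"""


def parse_version(value):
    """Return (major, minor) for a value such as "1.2", or None if absent/unparseable."""
    try:
        major, minor = str(value).split(".")
        return int(major), int(minor)
    except (ValueError, TypeError):
        return None


def audit(caches):
    """Return the caches whose Minimum TLS Version is below 1.2 or not set."""
    findings = []
    for cache in caches:
        version = parse_version(cache.get("minimumTlsVersion"))
        # Assumption: an unset or unreadable value is reported as non-compliant
        # (conservative choice, so it gets reviewed rather than skipped).
        if version is None or version < REQUIRED:
            findings.append(cache)
    return findings


def remediation_command(cache):
    """Build the Azure CLI call equivalent to remediation steps 8 and 9."""
    return "az redis update --name {} --resource-group {} --set minimumTlsVersion=1.2".format(
        shlex.quote(cache["name"]), shlex.quote(cache["resourceGroup"]))


if __name__ == "__main__":
    for cache in audit(json.loads(SAMPLE_JSON)):
        print(cache["name"], cache.get("minimumTlsVersion"), "->", remediation_command(cache))
```

To audit a real subscription, replace `SAMPLE_JSON` with the output of `az redis list -o json`, and repeat for each subscription as in the final step of both procedures.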

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support