Use of a Broken or Risky Cryptographic Algorithm in Terraform
High severity
GitHub Reviewed
Published
May 18, 2021
to the GitHub Advisory Database
•
Updated Sep 6, 2024
Description
Published by the National Vulnerability Database
Dec 2, 2019
Reviewed
May 13, 2021
Published to the GitHub Advisory Database
May 18, 2021
Last updated
Sep 6, 2024
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
Specific Go Packages Affected
github.com/hashicorp/terraform/backend/remote-state/azure
References