Issue search
Which component is affected?
Prowler CLI/SDK
Cloud Provider (if applicable)
Azure
Steps to Reproduce
The CIS check "9.1.3 Ensure 'SMB channel encryption' is Set to 'AES-256-GCM' or Higher for SMB file shares" is mapped to storage_smb_channel_encryption_with_secure_algorithm. However, that check only looks for AES-256-GCM within the list of algorithms. So if a weaker algorithm is enabled, the check still works.
Either a new stricter check needs to be created and mapped to the CIS check, or assuming the check was set up to satisfy the CIS mapping anyway, it should check that no weaker algorithms are in the list.
Expected behavior
storage_smb_channel_encryption_with_secure_algorithm should FAIL if 128 algorithms are enabled alongside AES-256-GCM
Actual Result with Screenshots or Logs
N/A
How did you install Prowler?
Cloning the repository from github.com (git clone)
Environment Resource
- workstation
OS used
- Windows
Prowler version
5.24.4
Python version
3.12
Pip version
NK
Context
No response
Issue search
Which component is affected?
Prowler CLI/SDK
Cloud Provider (if applicable)
Azure
Steps to Reproduce
The CIS check "9.1.3 Ensure 'SMB channel encryption' is Set to 'AES-256-GCM' or Higher for SMB file shares" is mapped to storage_smb_channel_encryption_with_secure_algorithm. However, that check only looks for AES-256-GCM within the list of algorithms. So if a weaker algorithm is enabled, the check still works.
Either a new stricter check needs to be created and mapped to the CIS check, or assuming the check was set up to satisfy the CIS mapping anyway, it should check that no weaker algorithms are in the list.
Expected behavior
storage_smb_channel_encryption_with_secure_algorithm should FAIL if 128 algorithms are enabled alongside AES-256-GCM
Actual Result with Screenshots or Logs
N/A
How did you install Prowler?
Cloning the repository from github.com (git clone)
Environment Resource
OS used
Prowler version
5.24.4
Python version
3.12
Pip version
NK
Context
No response