Information disclosure from public network access on Cognitive Services account in Terraform

High Risk infrastructure-security
azure, cognitive-services, network-security, public-access, terraform, information-disclosure, ai-security

What it is

Azure Cognitive Services accounts with public network access enabled answer requests from any internet address. The only thing standing between an attacker and the model or data behind the endpoint is then the account key (or an Entra ID token): a key that leaks through source control, a log line, or a client application is immediately usable from anywhere, and the endpoint itself is reachable for enumeration, abuse of paid quota, and exfiltration of whatever data the service has been given. Restricting network access means a leaked credential is no longer enough on its own.

# VULNERABLE: Cognitive Services with public access
resource "azurerm_cognitive_account" "vulnerable_ai" {
  name                = "vulnerable-cognitive-services"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  kind                = "TextAnalytics"
  sku_name            = "S0"
  
  # VULNERABLE: Public access enabled (default)
  public_network_access_enabled = true
  
  # Basic configuration without network restrictions
  tags = {
    environment = "production"
  }
}

# VULNERABLE: OpenAI service with internet access
resource "azurerm_cognitive_account" "vulnerable_openai" {
  name                = "vulnerable-openai"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  kind                = "OpenAI"
  sku_name            = "S0"
  
  # VULNERABLE: No network restrictions
  # public_network_access_enabled defaults to true
  
  tags = {
    service = "ai-chat"
  }
}

# VULNERABLE: Computer Vision with broad network access
resource "azurerm_cognitive_account" "vulnerable_vision" {
  name                = "vulnerable-computer-vision"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  kind                = "ComputerVision"
  sku_name            = "S1"
  
  # VULNERABLE: Allows all network access
  public_network_access_enabled = true
  
  # No network_acls configuration
  tags = {
    purpose = "image-processing"
  }
}

# SECURE: Cognitive Services with private access only
resource "azurerm_cognitive_account" "secure_ai" {
  name                = "secure-cognitive-services"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  kind                = "TextAnalytics"
  sku_name            = "S0"
  
  # SECURE: Disable public network access. The account is now unreachable
  # until a private endpoint (see Fixes) gives clients a path in.
  public_network_access_enabled = false
  
  tags = {
    environment = "production"
  }
}

# SECURE: OpenAI with private access
resource "azurerm_cognitive_account" "secure_openai" {
  name                = "secure-openai"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  kind                = "OpenAI"
  sku_name            = "S0"
  
  # SECURE: Disable public access; reach the account via a private endpoint
  public_network_access_enabled = false
  
  tags = {
    service = "ai-chat"
  }
}

# SECURE: Computer Vision without public access
resource "azurerm_cognitive_account" "secure_vision" {
  name                = "secure-computer-vision"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  kind                = "ComputerVision"
  sku_name            = "S1"
  
  # SECURE: No public access; reach the account via a private endpoint
  public_network_access_enabled = false
  
  tags = {
    purpose = "image-processing"
  }
}

💡 Why This Fix Works

The vulnerable examples set public_network_access_enabled to true or omit it, which in the azurerm provider means the same thing. The secure examples set it to false, so Azure rejects every request that arrives over the shared public endpoint regardless of whether the caller holds a valid key. Note that this setting alone does not create a way in: legitimate clients need a private endpoint in your virtual network (Fix 2), and key-based authentication should be complemented or replaced by Entra ID with managed identities so that a leaked key is useless even from inside the network.

Why it happens

Azure Cognitive Services accounts are created with public network access enabled by default, making them accessible from the internet without explicit network restrictions or private endpoint configuration.

Root causes

Default Public Access Configuration

In the azurerm provider, public_network_access_enabled defaults to true, so a resource that simply omits the attribute (as vulnerable_openai above does) is publicly reachable, and nothing in the plan output flags it. Public access therefore has to be disabled explicitly and checked for explicitly.

Lack of Private Endpoint Implementation

Organizations deploy Cognitive Services without implementing private endpoints or VNet integration, leaving the services exposed to internet traffic instead of restricting access to private networks.

Fixes

1. Disable Public Network Access

Set public_network_access_enabled to false on the Cognitive Services account so that requests arriving over the public endpoint are rejected. On its own this makes the account unreachable from everywhere, so pair it with a private endpoint (Fix 2). To verify an already-deployed account, run az cognitiveservices account show --name <account> --resource-group <group> --query properties.publicNetworkAccess and expect "Disabled".

2. Implement Private Endpoints

Create an Azure Private Endpoint for the account (subresource name "account") in a subnet of your virtual network, and link a private DNS zone (privatelink.cognitiveservices.azure.com, or privatelink.openai.azure.com for OpenAI accounts) to that network so the account's hostname resolves to the private IP. Private endpoints require the account to have a custom_subdomain_name, because the shared regional endpoint cannot be mapped to a single private IP.

3. Configure Network ACLs and IP Restrictions

If some public access is unavoidable, keep public_network_access_enabled = true and add a network_acls block with default_action = "Deny" plus explicit ip_rules for trusted egress ranges and virtual_network_rules for specific subnets. network_acls only matters while the public endpoint is enabled; once it is disabled, all public traffic is denied regardless. In either mode, disable key-based authentication (local_auth_enabled = false) and have callers authenticate with managed identities, so that network position is not the only control.
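The three fixes above combined in one configuration, as an added example that is not part of the original page's code: an account locked to a private endpoint with DNS wiring and key auth disabled, and a second account for the case where a restricted public endpoint is required. It assumes that azurerm_resource_group.main, azurerm_virtual_network.main, azurerm_subnet.private_endpoints and azurerm_subnet.app are declared elsewhere, and the IP range in ip_rules is a placeholder from the documentation address space.

```hcl
# Added example, not from the original page. Assumes azurerm_resource_group.main,
# azurerm_virtual_network.main, azurerm_subnet.private_endpoints and
# azurerm_subnet.app exist elsewhere in the configuration.

# Fix 1 + Fix 2: no public endpoint at all, reachable only via a private endpoint.
resource "azurerm_cognitive_account" "private_ai" {
  name                = "private-cognitive-services"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  kind                = "TextAnalytics"
  sku_name            = "S0"

  # Required for private endpoints (and for Entra ID auth): the account gets
  # its own hostname instead of the shared regional endpoint.
  custom_subdomain_name = "private-cognitive-services"

  # Reject everything that arrives over the public endpoint.
  public_network_access_enabled = false

  # Disable account keys so a leaked key is useless; callers use managed identity.
  local_auth_enabled = false

  identity {
    type = "SystemAssigned"
  }
}

# Private DNS zone so the account FQDN resolves to the private endpoint IP in the VNet.
resource "azurerm_private_dns_zone" "cognitive" {
  name                = "privatelink.cognitiveservices.azure.com"
  resource_group_name = azurerm_resource_group.main.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "cognitive" {
  name                  = "cognitive-dns-link"
  resource_group_name   = azurerm_resource_group.main.name
  private_dns_zone_name = azurerm_private_dns_zone.cognitive.name
  virtual_network_id    = azurerm_virtual_network.main.id
}

resource "azurerm_private_endpoint" "cognitive" {
  name                = "private-cognitive-services-pe"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  subnet_id           = azurerm_subnet.private_endpoints.id

  private_service_connection {
    name                           = "cognitive-psc"
    private_connection_resource_id = azurerm_cognitive_account.private_ai.id
    subresource_names              = ["account"]
    is_manual_connection           = false
  }

  # Registers the A record in the zone above automatically.
  private_dns_zone_group {
    name                 = "cognitive-dns"
    private_dns_zone_ids = [azurerm_private_dns_zone.cognitive.id]
  }
}

# Fix 3: public endpoint kept, but deny by default and allow only named sources.
resource "azurerm_cognitive_account" "restricted_ai" {
  name                  = "restricted-cognitive-services"
  location              = azurerm_resource_group.main.location
  resource_group_name   = azurerm_resource_group.main.name
  kind                  = "TextAnalytics"
  sku_name              = "S0"
  custom_subdomain_name = "restricted-cognitive-services"
  local_auth_enabled    = false

  # network_acls only takes effect while the public endpoint is enabled.
  public_network_access_enabled = true

  network_acls {
    default_action = "Deny"

    # Placeholder corporate egress range (RFC 5737 documentation space); replace it.
    ip_rules = ["203.0.113.0/24"]

    # The subnet needs the Microsoft.CognitiveServices service endpoint enabled.
    virtual_network_rules {
      subnet_id = azurerm_subnet.app.id
    }
  }

  identity {
    type = "SystemAssigned"
  }
}
```

Callers of either account still need an Entra ID role on it (for example Cognitive Services User) granted to their managed identity; without that, disabling local_auth_enabled locks everyone out, which is the intended failure mode rather than a silent fallback to keys.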

Detect This Vulnerability in Your Code

Sourcery automatically identifies information disclosure from public network access on cognitive services account in terraform and many other security issues in your codebase.