SYM_CONF_0049 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key Management Errors
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure managed disk resource is configured without encryption enabled, which means data stored on the disk is not protected at rest. This leaves sensitive information vulnerable to unauthorized access.
Impact
Without disk encryption, attackers or malicious insiders who gain access to the underlying storage could read confidential data. This increases the risk of data breaches and may lead to regulatory compliance issues or loss of sensitive business information.