SYM_CONF_0050 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key Management Errors
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Service Fabric cluster configuration does not enforce the highest protection level ('EncryptAndSign') for communications. This means data exchanged between cluster nodes may not be fully encrypted and authenticated.
Impact
Without full encryption and signing, sensitive data within the cluster could be intercepted or tampered with by attackers, potentially leading to data breaches, unauthorized access, or manipulation of cluster operations.
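
The check described above can be run over a cluster definition before deployment. The following is an added example, not this rule's own implementation: it assumes the cluster is declared in an ARM template as a `Microsoft.ServiceFabric/clusters` resource whose `fabricSettings` carry a `Security` section with a `ClusterProtectionLevel` parameter, and it treats an unset value as a finding. The template, cluster names and function names are constructed for illustration.

```python
import json

REQUIRED_LEVEL = "EncryptAndSign"

# Constructed ARM template fragment: a weak cluster, an unset one, a corrected one.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.ServiceFabric/clusters", "name": "sf-weak",
     "properties": {"fabricSettings": [
       {"name": "Security", "parameters": [
         {"name": "ClusterProtectionLevel", "value": "Sign"}]}]}},
    {"type": "Microsoft.ServiceFabric/clusters", "name": "sf-unset",
     "properties": {"fabricSettings": []}},
    {"type": "Microsoft.ServiceFabric/clusters", "name": "sf-ok",
     "properties": {"fabricSettings": [
       {"name": "Security", "parameters": [
         {"name": "ClusterProtectionLevel", "value": "EncryptAndSign"}]}]}}
  ]
}
""")

def protection_level(resource):
    """Return the ClusterProtectionLevel of a cluster resource, or None if unset."""
    settings = resource.get("properties", {}).get("fabricSettings") or []
    for section in settings:
        if section.get("name") != "Security":
            continue
        for param in section.get("parameters") or []:
            if param.get("name") == "ClusterProtectionLevel":
                return param.get("value")
    return None

def find_weak_clusters(template):
    """List (name, level) for clusters that do not set EncryptAndSign."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.ServiceFabric/clusters":
            continue
        level = protection_level(res)
        # Assumption of this example: an absent setting is reported as well.
        if level != REQUIRED_LEVEL:
            findings.append((res.get("name"), level))
    return findings

if __name__ == "__main__":
    for name, level in find_weak_clusters(SAMPLE_TEMPLATE):
        print(f"{name}: ClusterProtectionLevel={level!r}, expected {REQUIRED_LEVEL!r}")
```

In the sample, `sf-weak` (set to `Sign`) and `sf-unset` are reported, while `sf-ok` shows the corrected setting.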