SYM_CONF_0072 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key Management Errors
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The PostgreSQL server resource in your Terraform configuration does not have infrastructure encryption enabled. This means data stored on Azure’s infrastructure is not encrypted at rest, increasing the risk of unauthorized data access.
Impact
Without infrastructure encryption, sensitive data could be exposed if Azure's underlying storage is compromised or accessed by unauthorized parties. This can lead to data breaches, regulatory non-compliance, and loss of trust in your application or organization.