SYM_CONF_0081 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key Management Errors
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Automation account variables in Azure are being created without enabling encryption. This means sensitive values stored in these variables are left unprotected and can be accessed in plain text.
Impact
If these variables contain secrets or confidential information, attackers or unauthorized users could read them, potentially leading to data leaks, privilege escalation, or further compromise of Azure resources.