SYM_CONF_0083 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Key Management Errors

| Property | Value |
| --- | --- |
| Language | hcl |
| Severity | low |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |

Description

The key vault keys in your Azure configuration are not set to be backed by a Hardware Security Module (HSM). Without HSM backing, cryptographic keys are stored in software, which offers less protection against theft or compromise.

Impact

If keys are not HSM-backed, attackers who gain access to the key vault or underlying infrastructure may be able to extract sensitive cryptographic keys more easily. This can lead to unauthorized data decryption, data breaches, or loss of control over protected resources.
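
The Terraform below is an added example, not taken from the rule's own documentation, and shows a software-protected key beside its HSM-backed form. In the `azurerm` provider the protection type is chosen through `key_type` on `azurerm_key_vault_key`. All resource names and the location are hypothetical, and the deploying identity is assumed to already hold key permissions on the vault.

```hcl
# Added example: names and location are hypothetical placeholders.
data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "rg-kv-example"
  location = "westeurope"
}

resource "azurerm_key_vault" "example" {
  name                = "kv-example-hsm"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  tenant_id           = data.azurerm_client_config.current.tenant_id

  # HSM-protected keys require the Premium tier; a "standard" vault
  # only offers software-protected keys.
  sku_name                 = "premium"
  purge_protection_enabled = true
}

# Not HSM-backed: "RSA" (and "EC") create software-protected keys.
resource "azurerm_key_vault_key" "software" {
  name         = "app-key-software"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts     = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
}

# HSM-backed: same key parameters, but the "-HSM" key type keeps the
# private key material inside the hardware security module.
resource "azurerm_key_vault_key" "hsm" {
  name         = "app-key-hsm"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA-HSM" # use "EC-HSM" for elliptic-curve keys
  key_size     = 2048
  key_opts     = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
}
```

Changing `key_type` on an existing key forces Terraform to create a new key, so plan for re-wrapping or re-encrypting data protected by the old one.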