SYM_CONF_0140 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The Cloud SQL database instance is not configured to require SSL for incoming connections. This means data sent to and from the database could be transmitted in plaintext over the network.
Impact
Without SSL enforcement, sensitive information—such as credentials and personal data—can be intercepted by attackers during transit, leading to data breaches, account compromise, and regulatory violations.