SYM_CONF_0225 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Missing Encryption of Sensitive Data
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-311: Missing Encryption of Sensitive Data |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
The AWS SNS topic is not configured to use encryption, meaning messages published to the topic are stored in plaintext. Without a KMS key, sensitive data sent through SNS could be exposed if the topic is accessed by unauthorized users.
Impact
If the SNS topic is compromised, attackers could read all messages sent to it, leading to potential data leaks of confidential information, regulatory violations, or exposure of internal communications. Lack of encryption increases the risk of unauthorized data access within your AWS environment.
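The misconfiguration described above, as an added example that is not part of this rule or the project's own code: a static check that flags SNS topics declared without a KMS key. It assumes the topics are defined in a CloudFormation template (the page does not name a language); the template and its resource names are constructed sample input.

```python
# Added example: find AWS::SNS::Topic resources with no KmsMasterKeyId.
# SAMPLE_TEMPLATE is constructed input; all logical IDs are hypothetical.

SAMPLE_TEMPLATE = {
    "Resources": {
        "OrdersTopic": {                      # weak: no KmsMasterKeyId at all
            "Type": "AWS::SNS::Topic",
            "Properties": {"TopicName": "orders"},
        },
        "BlankKeyTopic": {                    # weak: key id present but empty
            "Type": "AWS::SNS::Topic",
            "Properties": {"KmsMasterKeyId": ""},
        },
        "NoPropsTopic": {"Type": "AWS::SNS::Topic"},  # weak: no Properties block
        "AuditTopic": {                       # corrected: AWS managed key for SNS
            "Type": "AWS::SNS::Topic",
            "Properties": {"KmsMasterKeyId": "alias/aws/sns"},
        },
        "BillingTopic": {                     # corrected: customer managed key via Ref
            "Type": "AWS::SNS::Topic",
            "Properties": {"KmsMasterKeyId": {"Ref": "TopicKey"}},
        },
        "TopicKey": {"Type": "AWS::KMS::Key", "Properties": {}},
    }
}


def has_kms_key(properties):
    """True when KmsMasterKeyId is a non-empty string or an intrinsic function."""
    key = (properties or {}).get("KmsMasterKeyId")
    if isinstance(key, str):
        return bool(key.strip())
    # Intrinsic functions (Ref, Fn::GetAtt, ...) parse as non-empty dicts.
    return isinstance(key, dict) and bool(key)


def unencrypted_sns_topics(template):
    """Return the sorted logical IDs of SNS topics that lack encryption at rest."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::SNS::Topic":
            continue
        if not has_kms_key(resource.get("Properties")):
            findings.append(logical_id)
    return sorted(findings)


if __name__ == "__main__":
    for name in unencrypted_sns_topics(SAMPLE_TEMPLATE):
        print(f"{name}: AWS::SNS::Topic has no KmsMasterKeyId (CWE-311)")
```
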