SYM_CONF_0227 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Missing Encryption of Sensitive Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The flagged Terraform code defines an AWS SQS queue without enabling server-side encryption. As a result, messages stored in the queue are not encrypted at rest and can be read in plain text if accessed.
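The pattern described above, next to two ways of enabling server-side encryption on an `aws_sqs_queue`. This is an added example, not code from the rule or the project. The resource names, queue names and KMS key are constructed for illustration, and the page does not state which of the two settings the rule accepts as a fix.

```hcl
# Flagged pattern: the queue is declared with no server-side
# encryption settings at all.
resource "aws_sqs_queue" "orders_plain" {
  name = "orders-plain" # constructed name
}

# Fix, option 1: SSE with SQS-owned keys (SSE-SQS).
# No KMS key to manage; encryption at rest is handled by SQS.
resource "aws_sqs_queue" "orders_sse_sqs" {
  name                    = "orders-sse-sqs" # constructed name
  sqs_managed_sse_enabled = true
}

# Fix, option 2: SSE with a customer-managed KMS key (SSE-KMS).
# Gives control over the key policy and an audit trail of key use,
# at the cost of KMS permissions for every producer and consumer.
resource "aws_kms_key" "sqs" {
  description         = "Key for SQS message encryption (constructed example)"
  enable_key_rotation = true
}

resource "aws_sqs_queue" "orders_sse_kms" {
  name              = "orders-sse-kms" # constructed name
  kms_master_key_id = aws_kms_key.sqs.arn

  # How long SQS may reuse a data key before calling KMS again
  # (seconds, 60 to 86400). Shorter means more KMS calls.
  kms_data_key_reuse_period_seconds = 300
}
```

The two options are mutually exclusive on a single queue: set either `sqs_managed_sse_enabled` or `kms_master_key_id`, not both. With SSE-KMS, producers and consumers also need `kms:GenerateDataKey` and `kms:Decrypt` on the key, otherwise sends and receives fail.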
Impact
If the SQS queue is compromised, sensitive data could be exposed to unauthorized users or attackers. This may lead to data breaches, leakage of confidential information, and violation of compliance requirements such as GDPR or HIPAA.