SYM_CONF_0237 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key Management Errors
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Timestream database is not configured to use a customer-managed KMS encryption key (CMK) for data at rest. Without specifying a CMK, you have less control over key access and rotation, which weakens data protection.
Impact
If exploited, sensitive data stored in the Timestream database could be more vulnerable to unauthorized access or exposure. Attackers or malicious insiders may gain access to unencrypted or weakly protected data, risking compliance violations and data breaches.