SYM_CONF_0241 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Missing Encryption of Sensitive Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
The AWS Kinesis stream resource is not configured to encrypt data at rest. This means any data stored in the stream is unprotected and could be accessed in plain text if the underlying storage is compromised.
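The misconfiguration described above, shown beside a corrected form. This is an added example, not part of the original rule page, and it assumes the stream is declared in Terraform with the AWS provider's `aws_kinesis_stream` resource; all resource and stream names are hypothetical.

```hcl
# Constructed example; resource names and stream names are hypothetical.

# Non-compliant: encryption_type is omitted, so the provider default of
# "NONE" applies and records are stored without server-side encryption.
resource "aws_kinesis_stream" "events_unencrypted" {
  name             = "example-events"
  shard_count      = 1
  retention_period = 24
}

# Customer managed KMS key used to encrypt the stream at rest.
resource "aws_kms_key" "kinesis" {
  description         = "Example key for Kinesis stream encryption"
  enable_key_rotation = true
}

# Compliant: server-side encryption is enabled with a KMS key.
resource "aws_kinesis_stream" "events_encrypted" {
  name             = "example-events-encrypted"
  shard_count      = 1
  retention_period = 24

  encryption_type = "KMS"
  kms_key_id      = aws_kms_key.kinesis.arn
}
```

`kms_key_id` also accepts the AWS managed key alias `alias/aws/kinesis` when a customer managed key is not required.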
Impact
If an attacker gains access to the Kinesis stream storage layer, they could read sensitive or confidential data directly. This exposes your organization to data breaches, regulatory violations, and potential reputational damage due to unprotected information.