SYM_CONF_0245 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Missing Encryption of Sensitive Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The Athena workgroup is configured to allow client-side overrides, meaning users can disable required encryption settings. This undermines enforced security controls and exposes sensitive query results to potential risks.
Impact
If exploited, clients could run queries without encryption, leading to unprotected storage or transmission of sensitive data. This increases the risk of data breaches, regulatory non-compliance, and unauthorized access to confidential information.
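The check described above can be run against workgroup settings as follows. This is an added example, not the rule's own implementation: it assumes input shaped like the Athena `GetWorkGroup` API response, and the workgroup names, bucket and key ARN are constructed placeholders.

```python
# Added example: audit Athena workgroup settings for the client-side override risk.
VALID_OPTIONS = {"SSE_S3", "SSE_KMS", "CSE_KMS"}
KMS_OPTIONS = {"SSE_KMS", "CSE_KMS"}


def audit_workgroup(response):
    """Return a list of findings for one GetWorkGroup-style response."""
    cfg = response.get("WorkGroup", {}).get("Configuration", {})
    enc = cfg.get("ResultConfiguration", {}).get("EncryptionConfiguration") or {}
    option = enc.get("EncryptionOption")
    findings = []
    # Without enforcement, client-side settings are used instead of the
    # workgroup's. Assumption: a missing field is treated as "not enforced".
    if cfg.get("EnforceWorkGroupConfiguration") is not True:
        findings.append("client-side settings can override workgroup configuration")
    if option is None:
        findings.append("no result encryption configured")
    elif option not in VALID_OPTIONS:
        findings.append(f"unknown encryption option {option!r}")
    elif option in KMS_OPTIONS and not enc.get("KmsKey"):
        findings.append(f"{option} selected but no KMS key set")
    return findings


def sample(name, enforce, enc=None):
    """Build a constructed GetWorkGroup-style response (placeholder values)."""
    result = {"OutputLocation": "s3://example-results/"}
    if enc:
        result["EncryptionConfiguration"] = enc
    return {"WorkGroup": {"Name": name, "Configuration": {
        "EnforceWorkGroupConfiguration": enforce, "ResultConfiguration": result}}}


KMS = {"EncryptionOption": "SSE_KMS",
       "KmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}
SAMPLES = [
    sample("encrypted-but-overridable", False, KMS),  # the case this rule flags
    sample("encrypted-and-enforced", True, KMS),
    sample("enforced-without-encryption", True),
    sample("kms-without-key", True, {"EncryptionOption": "SSE_KMS"}),
]


def audit_all(responses):
    return {r["WorkGroup"]["Name"]: audit_workgroup(r) for r in responses}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(f"{name}: {findings or 'OK'}")
```

The first sample shows why encryption settings alone are not sufficient: the workgroup specifies SSE_KMS, but it is still flagged because the setting is not enforced.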