SYM_CONF_0263 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
Sensitive AWS credentials are hard-coded directly into Lambda environment variables within your Terraform code. This exposes secrets in source control and increases the risk of accidental leaks.
Impact
If these credentials are exposed, attackers could gain unauthorized access to your AWS resources, potentially leading to data theft, service disruption, or significant financial loss. Compromised secrets can be exploited to escalate privileges or launch further attacks on your cloud infrastructure.