SYM_CONF_0282 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The AWS WorkSpaces root volume is not encrypted, meaning data stored on it is left unprotected at rest. This exposes sensitive information if the storage is accessed by unauthorized users.
Impact
Without encryption, attackers or insiders who gain access to the underlying storage could read, copy, or steal sensitive data from the root volume. This increases the risk of data breaches and may lead to regulatory non-compliance.