SYM_CONF_0291 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The AWS Elasticsearch domain is configured to allow TLS 1.0 connections. TLS 1.0 relies on outdated encryption algorithms that are no longer considered secure, which increases the risk of attackers intercepting or tampering with data in transit.
Impact
If exploited, attackers could decrypt or modify sensitive data transmitted between clients and the Elasticsearch service, potentially leading to data breaches or unauthorized access. This weakens the overall security of your cloud infrastructure and may violate compliance requirements.
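The setting described above, shown as the weak configuration beside a corrected one. This is an added example, not part of the original rule page; it assumes the domain is managed with Terraform's `aws_elasticsearch_domain` resource, and the resource names, domain names and version are constructed placeholders.

```hcl
# Constructed example: resource names, domain names and version are placeholders.

# Weak: the endpoint policy sets the minimum protocol version to TLS 1.0,
# so clients may negotiate TLS 1.0 even though HTTPS is enforced.
resource "aws_elasticsearch_domain" "weak" {
  domain_name           = "example-logs-weak"
  elasticsearch_version = "7.10"

  domain_endpoint_options {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-0-2019-07"
  }
}

# Hardened: the minimum protocol version is raised to TLS 1.2.
# The policy is set explicitly rather than left to the service default,
# so the intended minimum is visible in review and tracked for drift.
resource "aws_elasticsearch_domain" "hardened" {
  domain_name           = "example-logs-hardened"
  elasticsearch_version = "7.10"

  domain_endpoint_options {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }
}
```

Before raising the minimum version on an existing domain, confirm that every client library and log shipper connecting to it can negotiate TLS 1.2, since older clients will fail to connect once TLS 1.0 is refused.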