SYM_CONF_0292 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The AWS Elastic Load Balancer (ELB) resource is configured without access logging enabled. Without logging, you won't have records of traffic or activity passing through the load balancer.
Impact
Without access logs, you lose visibility into requests and potential security incidents, making it difficult to audit activity, troubleshoot issues, or investigate breaches. This could allow malicious actions to go undetected and hinder compliance efforts.