SYM_CONF_0295 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Inadequate Encryption Strength
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-326: Inadequate Encryption Strength |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The AWS Secrets Manager secret is not explicitly configured to use a customer-managed KMS key for encryption. Relying only on the default AWS-managed key reduces control over how your secrets are protected.
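One way to check for this condition on deployed secrets, as an added example that is not part of this rule's own implementation: it classifies entries shaped like Secrets Manager `ListSecrets`/`DescribeSecret` output by their `KmsKeyId` field. The sample entries, account ID and key IDs are constructed, and the `key_managers` lookup is assumed to be filled separately from the `KeyManager` value that KMS `DescribeKey` reports.

```python
AWS_ALIAS_PREFIX = "alias/aws/"  # alias namespace reserved for AWS managed keys


def classify_secret(secret, key_managers=None):
    """Classify the KMS key behind one secret.

    secret: dict shaped like a Secrets Manager ListSecrets/DescribeSecret entry.
    key_managers: optional {KmsKeyId: "AWS" | "CUSTOMER"} lookup (assumption:
        collected separately from KMS DescribeKey KeyMetadata.KeyManager).
    Returns "aws-managed", "customer-managed" or "unverified".
    """
    key = secret.get("KmsKeyId")
    if not key:
        # Secrets Manager omits KmsKeyId when the default aws/secretsmanager key is used.
        return "aws-managed"
    # Accept both a bare alias name and an alias ARN (...:alias/aws/secretsmanager).
    resource = key.rsplit(":", 1)[-1]
    if resource.startswith(AWS_ALIAS_PREFIX):
        return "aws-managed"
    if resource.startswith("alias/"):
        return "customer-managed"  # user-created aliases only target customer managed keys
    manager = (key_managers or {}).get(key)
    if manager == "CUSTOMER":
        return "customer-managed"
    if manager == "AWS":
        return "aws-managed"
    return "unverified"  # a key ID or key ARN alone does not show who manages the key


def audit(secrets, key_managers=None):
    """Return (name, classification) for every secret not proven customer-managed."""
    verdicts = ((s["Name"], classify_secret(s, key_managers)) for s in secrets)
    return [(name, v) for name, v in verdicts if v != "customer-managed"]


# Constructed sample entries (account ID, key IDs and names are placeholders).
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/11111111-2222-3333-4444-555555555555"
SAMPLE = [
    {"Name": "app/db-password"},  # no KmsKeyId: default key
    {"Name": "app/api-token", "KmsKeyId": "alias/aws/secretsmanager"},
    {"Name": "app/signing-key", "KmsKeyId": CMK_ARN},
    {"Name": "app/oauth-secret",
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:alias/app-secrets"},
    {"Name": "app/legacy", "KmsKeyId": "99999999-8888-7777-6666-555555555555"},
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE, {CMK_ARN: "CUSTOMER"}):
        print(f"{name}: {verdict}")
```

Entries reported as "unverified" reference a key by ID or ARN with no `KeyManager` value available, so they need a `DescribeKey` lookup before being cleared.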
Impact
If an attacker compromises the default AWS-managed key, your secrets could be more easily accessed, and where stricter compliance is required, they may not meet security standards. This could lead to unauthorized disclosure of sensitive information managed in Secrets Manager.