TF 0001 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
An MSK cluster allows unencrypted data in transit.
Property | Value |
---|---|
Language | |
Severity | |
Service | msk |
Provider | AWS |
Vulnerability Type | omission |
Description
The MSK (Managed Streaming for Kafka) cluster is configured to allow unencrypted data transmission between clients and brokers or between cluster nodes. This exposes data in transit to potential interception, as communications are not secured with encryption protocols like TLS.
Impact
Without in-transit encryption, sensitive information such as messages, credentials, or configuration data sent through the Kafka cluster can be intercepted and read by unauthorized parties. This could lead to data breaches, unauthorized access, or compromise of confidential information within the organization.
Resolution
Enable in-transit encryption.
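
The resolution as Terraform, in an added example that is not taken from this wiki or the Symbiotic database: it assumes the AWS provider's `aws_msk_cluster` resource and shows a cluster that permits plaintext beside one that enforces TLS on both paths named in the description. The cluster names, Kafka version, instance type and variables are constructed placeholders.

```hcl
# Constructed placeholders: supply your own subnets and security group.
variable "subnet_ids" { type = list(string) }
variable "security_group_id" { type = string }

# Non-compliant: plaintext is accepted from clients and used between brokers.
resource "aws_msk_cluster" "weak" {
  cluster_name           = "example-weak"
  kafka_version          = "3.6.0"
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids
    security_groups = [var.security_group_id]
  }

  encryption_info {
    encryption_in_transit {
      client_broker = "TLS_PLAINTEXT" # "PLAINTEXT" is equally non-compliant
      in_cluster    = false           # broker-to-broker traffic unencrypted
    }
  }
}

# Compliant: TLS only for client-broker traffic, encryption between brokers.
resource "aws_msk_cluster" "hardened" {
  cluster_name           = "example-hardened"
  kafka_version          = "3.6.0"
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids
    security_groups = [var.security_group_id]
  }

  encryption_info {
    encryption_in_transit {
      client_broker = "TLS" # reject plaintext client connections
      in_cluster    = true  # encrypt traffic between broker nodes
    }
  }
}
```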