TF 0017 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
DocumentDB storage must be encrypted
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | documentdb |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The DocumentDB cluster is configured without storage encryption, leaving data at rest unprotected. This allows sensitive information on the underlying disks to remain readable if physical storage is compromised.
Impact
If exploited, attackers or unauthorized parties with access to the physical storage could retrieve unencrypted database contents, leading to data breaches of sensitive information and possible regulatory violations.
Resolution
Enable storage encryption
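
The following Terraform is an added example, not taken from the rule's own documentation; it shows a cluster that omits the setting beside one that enables it. Resource names, identifiers and the password variable are placeholders, and the customer-managed KMS key is an optional assumption.

```hcl
# Constructed example: names, identifiers and variables are placeholders.

variable "docdb_master_password" {
  type      = string
  sensitive = true
}

# Non-compliant: storage_encrypted is omitted and defaults to false,
# so the cluster volume and its snapshots are stored unencrypted.
resource "aws_docdb_cluster" "unencrypted" {
  cluster_identifier  = "example-docdb-unencrypted"
  engine              = "docdb"
  master_username     = "docdbadmin"
  master_password     = var.docdb_master_password
  skip_final_snapshot = true
}

# Optional customer-managed key. Without kms_key_id, DocumentDB
# encrypts with the AWS-managed key for the service.
resource "aws_kms_key" "docdb" {
  description         = "Example key for DocumentDB storage encryption"
  enable_key_rotation = true
}

# Compliant: encryption at rest is enabled explicitly.
# kms_key_id requires storage_encrypted = true.
resource "aws_docdb_cluster" "encrypted" {
  cluster_identifier  = "example-docdb-encrypted"
  engine              = "docdb"
  master_username     = "docdbadmin"
  master_password     = var.docdb_master_password
  storage_encrypted   = true
  kms_key_id          = aws_kms_key.docdb.arn
  skip_final_snapshot = true
}
```

Encryption at rest for DocumentDB is chosen when the cluster is created, so plan remediation of an existing unencrypted cluster as a migration to a new encrypted cluster rather than an in-place change.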