TF 0026 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
ElastiCache replication group stores unencrypted data at rest.
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | elasticache |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The ElastiCache replication group is configured without at-rest encryption, meaning data stored on disk is not protected. This allows sensitive information in the cache to be stored in plaintext on the underlying storage.
Impact
If the underlying storage is accessed by an unauthorized party—due to compromise, misconfiguration, or insider threat—unencrypted data could be read directly. This exposes confidential information such as user data, application secrets, or session details, increasing the risk of data breaches and regulatory violations.
Resolution
Enable at-rest encryption for the replication group.
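
The following Terraform is an added example, not taken from the SymbioticSec database: it shows a replication group that triggers this finding next to a corrected one. Resource names, the node type, cluster count and the customer-managed KMS key are assumptions chosen for illustration.

```hcl
# Added example: all names and sizes below are hypothetical.

# Flagged: at_rest_encryption_enabled is omitted. With engine = "redis" the
# AWS provider leaves at-rest encryption off, so cache data is written to
# disk in plaintext.
resource "aws_elasticache_replication_group" "sessions_unencrypted" {
  replication_group_id = "sessions-unencrypted"
  description          = "Session cache without at-rest encryption"
  engine               = "redis"
  node_type            = "cache.t4g.small"
  num_cache_clusters   = 2
}

# Optional customer-managed key. If kms_key_id is not set on the replication
# group, ElastiCache encrypts with a service-managed key instead.
resource "aws_kms_key" "cache" {
  description         = "ElastiCache at-rest encryption"
  enable_key_rotation = true
}

# Corrected: at-rest encryption is enabled explicitly, so the setting is
# visible in review and does not depend on engine-specific defaults.
resource "aws_elasticache_replication_group" "sessions" {
  replication_group_id       = "sessions"
  description                = "Session cache with at-rest encryption"
  engine                     = "redis"
  node_type                  = "cache.t4g.small"
  num_cache_clusters         = 2
  at_rest_encryption_enabled = true
  kms_key_id                 = aws_kms_key.cache.arn
}
```

Changing `at_rest_encryption_enabled` on an existing replication group makes Terraform replace the resource, so review the plan output and schedule the change as a migration instead of expecting an in-place update.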