TF 0064 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

KMS keys should be rotated at least every 90 days

Property Value
Language terraform
Severity high
Service kms
Provider Google
Vulnerability Type misconfiguration

Description

KMS cryptographic keys are configured with a rotation period longer than 90 days, increasing the window during which a compromised key can be abused. Regular rotation is not enforced, leaving keys active for extended durations.

Impact

If a key is compromised, attackers can use it for a longer time without detection or mitigation, potentially leading to unauthorized data access, persistent decryption of sensitive information, and prolonged exposure of critical resources.

Resolution

Set the key rotation period to 90 days.
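
The flagged setting beside the corrected one, as an added example that is not taken from the Symbiotic database or from any project's own code. The resource names, key ring location and the `kms_rotation_period` variable are hypothetical; `rotation_period` on `google_kms_crypto_key` takes a number of seconds with an `s` suffix, so 90 days is `7776000s`.

```terraform
# Added example. All names (example-ring, kms_rotation_period, ...) are hypothetical.

# One shared value for every key, rejected at plan time if it exceeds 90 days.
variable "kms_rotation_period" {
  type        = string
  default     = "7776000s" # 90 days * 86400 seconds
  description = "KMS key rotation period, in seconds with an 's' suffix."

  validation {
    condition = (
      can(regex("^[0-9]+s$", var.kms_rotation_period)) &&
      try(tonumber(trimsuffix(var.kms_rotation_period, "s")) <= 7776000, false)
    )
    error_message = "Rotation period must look like \"<seconds>s\" and be at most 7776000s (90 days)."
  }
}

resource "google_kms_key_ring" "example" {
  name     = "example-ring"
  location = "europe-west1"
}

# Misconfigured: 15552000s is 180 days, longer than the 90-day limit.
resource "google_kms_crypto_key" "flagged" {
  name            = "example-key-flagged"
  key_ring        = google_kms_key_ring.example.id
  rotation_period = "15552000s"
}

# Corrected: a new primary key version is created every 90 days.
resource "google_kms_crypto_key" "compliant" {
  name            = "example-key-compliant"
  key_ring        = google_kms_key_ring.example.id
  rotation_period = var.kms_rotation_period

  # Destroying the key makes data encrypted under it unrecoverable.
  lifecycle {
    prevent_destroy = true
  }
}
```

Rotation only changes which key version is primary for new encryption; earlier versions stay enabled and can still decrypt until they are disabled or destroyed. Automatic rotation applies to symmetric encryption keys, so asymmetric keys need a manual rotation procedure.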