TF 0112 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Athena workgroups should enforce configuration to prevent client disabling encryption

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | high |
| Service | athena |
| Provider | AWS |
| Vulnerability Type | misconfiguration |

Description

The Athena workgroup is not enforcing encryption settings, allowing clients to override and potentially disable encryption for query results. This weakens data protection by making encryption optional rather than mandatory.

Impact

If exploited, clients can bypass required encryption, leading to sensitive query results being stored unencrypted. This increases the risk of data exposure, non-compliance with security policies or regulations, and potential data breaches.

Resolution

Enforce the workgroup configuration so that clients cannot override it.
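
The flagged setting beside the corrected one, as an added example that is not part of the original wiki page. The resource names and the `results_bucket` and `kms_key_arn` variables are assumptions made for illustration.

```hcl
# Hypothetical inputs for this example.
variable "results_bucket" {
  type        = string
  description = "Name of the S3 bucket that stores Athena query results"
}

variable "kms_key_arn" {
  type        = string
  description = "ARN of the KMS key used to encrypt query results"
}

# Flagged: the workgroup defines encryption, but clients may override it,
# so a client-side setting can write query results unencrypted.
resource "aws_athena_workgroup" "not_enforced" {
  name = "analytics-not-enforced"

  configuration {
    enforce_workgroup_configuration = false

    result_configuration {
      output_location = "s3://${var.results_bucket}/output/"

      encryption_configuration {
        encryption_option = "SSE_KMS"
        kms_key_arn       = var.kms_key_arn
      }
    }
  }
}

# Corrected: workgroup settings override client-side settings, so every
# query result is written to the configured location with SSE-KMS.
# The AWS provider documents true as the default for this argument;
# setting it explicitly keeps the intent visible in review.
resource "aws_athena_workgroup" "enforced" {
  name = "analytics-enforced"

  configuration {
    enforce_workgroup_configuration = true

    result_configuration {
      output_location = "s3://${var.results_bucket}/output/"

      encryption_configuration {
        encryption_option = "SSE_KMS"
        kms_key_arn       = var.kms_key_arn
      }
    }
  }
}
```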