TF 0145 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Launch configuration with unencrypted block device.
Property | Value |
---|---|
Language | |
Severity | |
Service | ec2 |
Provider | AWS |
Vulnerability Type | omission |
Description
The launch configuration declares one or more block devices (for example a `root_block_device` or `ebs_block_device` block on a Terraform `aws_launch_configuration`) without setting `encrypted = true`. Every EBS volume created for instances launched from it is therefore unencrypted at rest, unless the AMI's snapshot is already encrypted or EBS encryption by default has been enabled for the account in that region. Because this is an omission rather than an explicit `encrypted = false`, it is easy to miss in review and is not protected by any setting in the configuration itself.
Impact
Anyone who obtains a copy of an unencrypted volume can read its contents directly: a snapshot shared to another account or made public, a volume detached and attached to an attacker-controlled instance, or a backup exfiltrated with compromised credentials that hold EBS permissions. That exposes whatever the instances wrote to disk, such as credentials, personal data, or application secrets. With encryption enabled, the same snapshot or volume is unreadable without access to the KMS key, so a stolen copy alone is not a data breach. Leaving volumes unencrypted also fails common encryption-at-rest requirements and the regulatory obligations built on them.
Resolution
Set `encrypted = true` on every `root_block_device` and `ebs_block_device` block in the launch configuration, and confirm that no block device is left with the attribute omitted. Enabling EBS encryption by default for the account and region is a useful safety net, but the explicit attribute is what this check looks for and what keeps the configuration safe when it is applied in an account without that default. AWS recommends launch templates over launch configurations for new work; the same rule applies there, and launch templates additionally let you pin a specific KMS key per volume.
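The following is an added illustration, not code from the vulnerability database entry. It assumes the finding refers to the Terraform `aws_launch_configuration` resource; the resource names, the `ami_id` variable, the device name and the volume sizes are placeholders. The first resource is what the check flags (block devices present, `encrypted` omitted); the second is the corrected form.

```hcl
variable "ami_id" {
  description = "AMI to launch (placeholder; any value works for this example)"
  type        = string
}

# Flagged: two block devices are declared and neither sets `encrypted`.
# Unless the AMI snapshot is encrypted or the account has EBS encryption
# by default turned on for this region, both volumes are created unencrypted.
resource "aws_launch_configuration" "web_unencrypted" {
  name_prefix   = "web-"
  image_id      = var.ami_id
  instance_type = "t3.micro"

  root_block_device {
    volume_size = 20
    volume_type = "gp3"
    # `encrypted` omitted: this is the omission the check reports
  }

  ebs_block_device {
    device_name = "/dev/sdf"
    volume_size = 100
    volume_type = "gp3"
    # `encrypted` omitted here as well
  }
}

# Corrected: every block device explicitly opts in to encryption at rest.
resource "aws_launch_configuration" "web" {
  name_prefix   = "web-"
  image_id      = var.ami_id
  instance_type = "t3.micro"

  root_block_device {
    volume_size = 20
    volume_type = "gp3"
    encrypted   = true
  }

  ebs_block_device {
    device_name = "/dev/sdf"
    volume_size = 100
    volume_type = "gp3"
    encrypted   = true
  }

  # Launch configurations are immutable; create the replacement before
  # destroying the old one so the Auto Scaling group never points at nothing.
  lifecycle {
    create_before_destroy = true
  }
}
```

Two practical checks go with this. First, run the scanner before and after the change and confirm the finding disappears only for the corrected resource; a scanner that passes `web_unencrypted` is not looking at the right attribute. Second, verify the account-level fallback with `aws ec2 get-ebs-encryption-by-default --region <region>`; if it reports `false`, the explicit attribute is the only thing standing between the launch configuration and unencrypted volumes.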