TF 0212 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
There is no encryption specified or encryption is disabled on the RDS Cluster.
Property | Value |
---|---|
Language | |
Severity | |
Service | rds |
Provider | AWS |
Vulnerability Type | omission |
Description
The RDS Aurora cluster is configured without storage encryption enabled or without specifying a KMS key, leaving data at rest unprotected. This misconfiguration allows data to be stored in plaintext on disk.
Impact
If the RDS cluster is compromised, attackers could access and read unencrypted database files, exposing sensitive application or customer data and potentially violating compliance requirements.
Resolution
Enable encryption for RDS clusters
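
An added example, not taken from this wiki or the Symbiotic project: assuming the rule is evaluated against Terraform's `aws_rds_cluster` resource (the Language field above is blank), this shows the flagged configuration beside a corrected one. Resource names, cluster identifiers and the `db_master_password` variable are constructed for illustration.

```hcl
# Assumed input: the master password is supplied out of band (constructed variable).
variable "db_master_password" {
  type      = string
  sensitive = true
}

# BEFORE (flagged): storage_encrypted is omitted and no KMS key is set,
# so nothing in this configuration requests encryption of the cluster volume.
resource "aws_rds_cluster" "plain" {
  cluster_identifier = "example-aurora-plain" # constructed name
  engine             = "aurora-postgresql"
  master_username    = "dbadmin"
  master_password    = var.db_master_password
}

# AFTER: a customer-managed KMS key with rotation enabled.
resource "aws_kms_key" "rds" {
  description             = "Key for Aurora cluster storage encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# AFTER: encryption is switched on explicitly and bound to the key above.
resource "aws_rds_cluster" "encrypted" {
  cluster_identifier = "example-aurora-encrypted" # constructed name
  engine             = "aurora-postgresql"
  master_username    = "dbadmin"
  master_password    = var.db_master_password

  storage_encrypted = true                # must be true whenever kms_key_id is set
  kms_key_id        = aws_kms_key.rds.arn # the argument takes the key ARN
}
```

An existing unencrypted Aurora cluster cannot be encrypted in place; the data has to be restored from a snapshot into a cluster created with encryption enabled.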