TF 0226 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
A KMS key is not configured to auto-rotate.
Property | Value |
---|---|
Language | |
Severity | |
Service | kms |
Provider | AWS |
Vulnerability Type | omission |
Description
KMS keys are not configured with automatic rotation, resulting in cryptographic keys being used for extended periods without change. This increases the risk associated with key compromise due to prolonged exposure.
Impact
If a long-lived KMS key is compromised, an attacker could decrypt sensitive data or perform unauthorized actions for as long as the key remains active. Failure to rotate keys regularly increases the attack surface and the window of opportunity for misuse.
Resolution
Configure the KMS key to rotate automatically.
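
The resolution above as a Terraform configuration, showing the flagged form beside the corrected one. This is an added example, not code from the Symbiotic database. It assumes the "TF" in the rule ID refers to Terraform and uses the AWS provider's `aws_kms_key` resource. All resource names and descriptions are hypothetical.

```hcl
# Added example: resource names and descriptions are constructed.

# Flagged: enable_key_rotation is omitted and defaults to false,
# so the same key material stays in use indefinitely.
resource "aws_kms_key" "unrotated" {
  description = "Application data key (constructed example)"
}

# Corrected: AWS KMS rotates the key material automatically.
# The key ID and ARN stay the same, and earlier key material is
# retained so existing ciphertexts still decrypt.
resource "aws_kms_key" "rotated" {
  description         = "Application data key (constructed example)"
  enable_key_rotation = true
}

# Caveat: automatic rotation applies to symmetric encryption keys
# whose key material is generated by KMS. An asymmetric key such as
# this one cannot set enable_key_rotation and has to be rotated
# manually (create a new key and repoint its alias).
resource "aws_kms_key" "signing" {
  description              = "Signing key (constructed example)"
  key_usage                = "SIGN_VERIFY"
  customer_master_key_spec = "RSA_2048"
}
```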