TF 0496 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

DAX Cluster should always encrypt data at rest

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | high |
| Service | dynamodb |
| Provider | AWS |
| Vulnerability Type | omission |

Description

The DAX cluster is configured without encryption at rest, meaning data stored on the underlying storage is not protected against unauthorized access. This leaves sensitive cache data exposed if the storage medium is accessed directly.

Impact

If the cluster storage is compromised, an attacker could read all cached data in plaintext, leading to potential data breaches, exposure of sensitive information, and non-compliance with data protection regulations.

Resolution

Enable encryption at rest for the DAX cluster.
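The following Terraform shows the omission this rule flags next to the corrected resource. It is an added example, not code from the wiki or the Symbiotic project; the resource names, cluster names, node type and the `dax_role_arn` variable are assumptions made for illustration.

```hcl
# Added example. All names and values below are illustrative assumptions.

variable "dax_role_arn" {
  description = "ARN of the IAM role DAX assumes to reach DynamoDB (placeholder input)"
  type        = string
}

# Non-compliant: the server_side_encryption block is omitted, so the
# provider default applies and data at rest is not encrypted.
# A block with enabled = false has the same effect.
resource "aws_dax_cluster" "unencrypted" {
  cluster_name       = "example-dax-plain"
  iam_role_arn       = var.dax_role_arn
  node_type          = "dax.r4.large"
  replication_factor = 1
}

# Compliant: encryption at rest is enabled explicitly.
resource "aws_dax_cluster" "encrypted" {
  cluster_name       = "example-dax-enc"
  iam_role_arn       = var.dax_role_arn
  node_type          = "dax.r4.large"
  replication_factor = 1

  server_side_encryption {
    enabled = true
  }
}
```

DAX only allows encryption at rest to be chosen when the cluster is created, so applying this change to an existing cluster replaces it; plan for the cache to be rebuilt.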