Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Azure managed disk resource is configured without encryption enabled, which means data stored on the disk is not protected at rest. This leaves sensitive information vulnerable to unauthorized access.
Impact#
Without disk encryption, attackers or malicious insiders who gain access to the underlying storage could read confidential data. This increases the risk of data breaches and may lead to regulatory compliance issues or loss of sensitive business information.