Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Service Fabric cluster configuration does not enforce the highest protection level (‘EncryptAndSign’) for communications. This means data exchanged between cluster nodes may not be fully encrypted and authenticated.
Impact#
Without full encryption and signing, sensitive data within the cluster could be intercepted or tampered with by attackers, potentially leading to data breaches, unauthorized access, or manipulation of cluster operations.