Property
Language: hcl
Severity: low
CWE: CWE-320: CWE CATEGORY: Key Management Errors
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The virtual machine scale set is not configured with host-level encryption, which means that data stored on the VM host is not automatically encrypted at rest. This leaves sensitive information vulnerable if the underlying hardware is accessed without proper authorization.

Impact

Without enabling encryption at host, attackers or unauthorized personnel with physical or administrative access to Azure infrastructure could potentially access unencrypted data stored on VM disks. This increases the risk of data breaches and exposure of confidential information, potentially violating compliance requirements.