Key Management Errors
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The key vault key resource is missing an expiration date, meaning the cryptographic key will remain valid indefinitely. This increases the risk of the key being used longer than intended and makes key rotation harder to enforce.
Impact
Without an expiration date, old or potentially compromised keys may remain active and usable, increasing the risk of unauthorized data access or misuse. Attackers could exploit stale keys that never expire to decrypt sensitive data or perform unauthorized actions, potentially leading to data breaches or regulatory non-compliance.
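The check described above, written as an added example (not this scanner's own code). It assumes the resource is Terraform's `azurerm_key_vault_key` with its `expiration_date` attribute, read from `terraform show -json` output. It goes slightly beyond the page by also flagging expiry dates that have passed or exceed a hypothetical 730-day limit; the function names and sample plan are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `terraform show -json` output (not from the page).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_key_vault_key.no_expiry", "type": "azurerm_key_vault_key",
     "values": {"name": "k1", "key_type": "RSA", "expiration_date": null}},
    {"address": "azurerm_key_vault_key.ok", "type": "azurerm_key_vault_key",
     "values": {"name": "k2", "key_type": "RSA", "expiration_date": "2030-06-30T00:00:00Z"}}],
  "child_modules": [{"resources": [
    {"address": "module.app.azurerm_key_vault_key.long", "type": "azurerm_key_vault_key",
     "values": {"name": "k3", "key_type": "EC", "expiration_date": "2045-01-01T00:00:00Z"}}]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

# max_lifetime is a hypothetical policy value (assumption, not from the page).
def check_key_expiry(plan, now, max_lifetime=timedelta(days=730)):
    """Return (address, reason) for each Key Vault key with no or weak expiry."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "azurerm_key_vault_key":
            continue
        raw = (res.get("values") or {}).get("expiration_date")
        if not raw:
            findings.append((res["address"], "missing expiration_date"))
            continue
        try:
            expires = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        except ValueError:
            findings.append((res["address"], "unparseable expiration_date"))
            continue
        if expires.tzinfo is None:  # treat a zone-less timestamp as UTC
            expires = expires.replace(tzinfo=timezone.utc)
        if expires <= now:
            findings.append((res["address"], "expiration_date already passed"))
        elif expires - now > max_lifetime:
            findings.append((res["address"], "expiration_date beyond max lifetime"))
    return findings

if __name__ == "__main__":
    for addr, why in check_key_expiry(SAMPLE_PLAN, datetime(2029, 1, 1, tzinfo=timezone.utc)):
        print(f"{addr}: {why}")
```

Values that are only known after apply are omitted from `planned_values`, so an `expiration_date` computed from another resource is reported as missing and needs manual review.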