Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Automation account variables in Azure are being created without enabling encryption. This means sensitive values stored in these variables are left unprotected and can be accessed in plain text.
Impact#
If these variables contain secrets or confidential information, attackers or unauthorized users could read them, potentially leading to data leaks, privilege escalation, or further compromise of Azure resources.