Key Management Errors
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The key vault keys in your Azure configuration are not set to be backed by a Hardware Security Module (HSM). Without HSM backing, cryptographic keys are stored in software, which offers less protection against theft or compromise.
Impact
If keys are not HSM-backed, attackers who gain access to the key vault or underlying infrastructure may be able to extract sensitive cryptographic keys more easily. This can lead to unauthorized data decryption, data breaches, or loss of control over protected resources.
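One way to catch the condition from the Description before deployment, as an added example that is not part of the original page or of any scanner's own code. It assumes the Azure configuration is written in Terraform, that keys are declared as `azurerm_key_vault_key` resources, and that the input is the JSON produced by `terraform show -json`; the sample plan and all resource names in it are constructed.

```python
# Added example: flag Key Vault keys that are not HSM-backed in a Terraform plan.
# Assumes `terraform show -json` output; SAMPLE_PLAN below is constructed.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "azurerm_key_vault_key.app", "type": "azurerm_key_vault_key",
             "values": {"name": "app-key", "key_type": "RSA", "key_size": 2048}},
            {"address": "azurerm_key_vault_key.signing", "type": "azurerm_key_vault_key",
             "values": {"name": "signing-key", "key_type": "RSA-HSM", "key_size": 3072}},
            {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account",
             "values": {"name": "logsexample"}},
        ],
        "child_modules": [{
            "address": "module.db",
            "resources": [
                {"address": "module.db.azurerm_key_vault_key.tde",
                 "type": "azurerm_key_vault_key",
                 "values": {"name": "tde-key", "key_type": "EC", "curve": "P-256"}},
            ],
        }],
    }}
}


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_software_keys(plan):
    """Return (address, key_type) for each Key Vault key that is not HSM-backed."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_key_vault_key":
            continue
        key_type = (res.get("values") or {}).get("key_type")
        # HSM-backed types end in "-HSM" (RSA-HSM, EC-HSM). A missing or
        # non-string key_type is reported as well, so the check fails closed.
        if not isinstance(key_type, str) or not key_type.endswith("-HSM"):
            findings.append((res.get("address"), key_type))
    return findings


if __name__ == "__main__":
    for address, key_type in find_software_keys(SAMPLE_PLAN):
        print(f"{address}: key_type={key_type!r} is software-protected; "
              "use RSA-HSM or EC-HSM")
```

Switching a key to `RSA-HSM` or `EC-HSM` also requires the vault itself to be on the Premium SKU, since Standard vaults hold only software-protected keys.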