Missing Encryption of Sensitive Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The AWS Elasticsearch domain resource is missing encryption at rest, meaning that data stored in the cluster is not protected on disk. Without this setting, sensitive information could be exposed if the storage is accessed directly.
Impact
If encryption at rest is not enabled, attackers or unauthorized users who gain access to the underlying storage could read sensitive data, leading to data breaches and compliance violations. This can result in financial loss, reputational damage, and legal consequences for the organization.