Inadequate Encryption Strength
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The Cloud SQL database instance is not configured to require SSL for incoming connections. This means data sent to and from the database could be transmitted in plaintext over the network.
Impact
Without SSL enforcement, sensitive information—such as credentials and personal data—can be intercepted by attackers during transit, leading to data breaches, account compromise, and regulatory violations.
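
One way to check for the condition in the Description across existing instances, as an added example that is not part of this rule or its source. It assumes instance records shaped like the Cloud SQL Admin API resource (for example from `gcloud sql instances list --format=json`) and reads the `settings.ipConfiguration.sslMode` and legacy `requireSsl` fields; the instance names and sample data are constructed.

```python
import json

# sslMode values under which the instance rejects plaintext connections.
ENFORCING_MODES = {"ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"}


def requires_ssl(instance: dict) -> bool:
    """Return True if the instance rejects unencrypted connections."""
    ip_cfg = (instance.get("settings") or {}).get("ipConfiguration") or {}
    ssl_mode = ip_cfg.get("sslMode")
    if ssl_mode and ssl_mode != "SSL_MODE_UNSPECIFIED":
        # When sslMode is set it takes precedence over the legacy boolean.
        return ssl_mode in ENFORCING_MODES
    # Legacy field: absent or false means plaintext is accepted.
    return ip_cfg.get("requireSsl") is True


def find_unenforced(instances: list) -> list:
    """Names of instances that still accept plaintext connections."""
    return sorted(i.get("name", "<unnamed>")
                  for i in instances if not requires_ssl(i))


# Constructed sample records, not output from a real project.
SAMPLE = json.loads("""
[
  {"name": "orders-db",
   "settings": {"ipConfiguration": {"sslMode": "ENCRYPTED_ONLY",
                                    "requireSsl": false}}},
  {"name": "legacy-db",
   "settings": {"ipConfiguration": {"requireSsl": true}}},
  {"name": "reports-db",
   "settings": {"ipConfiguration":
                {"sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED",
                 "requireSsl": false}}},
  {"name": "analytics-db",
   "settings": {"ipConfiguration": {"requireSsl": false}}},
  {"name": "scratch-db", "settings": {}}
]
""")

if __name__ == "__main__":
    for name in find_unenforced(SAMPLE):
        print(f"{name}: SSL not required for incoming connections")
```
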