Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Redis instance in Google Cloud Memorystore is not configured to use in-transit encryption, which means data sent between clients and the Redis server is not encrypted. This exposes sensitive information to interception during network transmission.
Impact#
Without in-transit encryption, attackers could eavesdrop on unencrypted network traffic and steal sensitive data such as credentials or application secrets, potentially leading to data breaches or unauthorized access to your Redis instance.