Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The DynamoDB table is not configured to use a customer-managed AWS KMS encryption key, relying only on the default AWS-managed key. This setup provides less control over key management and data protection.
Impact#
Without a customer-managed KMS key, your ability to manage encryption, control access, and audit key usage is limited. If the default key is compromised or misconfigured, sensitive data in the table could be exposed, increasing the risk of data breaches and compliance violations.