Missing Encryption of Sensitive Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The AWS Athena database resource is configured without at-rest encryption, so sensitive data stored in Athena is not protected by AWS KMS or any other encryption key.
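One way to detect this condition before deployment, as an added example that is not part of the original rule: the script below scans the JSON form of a Terraform plan for Athena databases with no encryption block. It assumes the resource is Terraform's `aws_athena_database` and the `terraform show -json` plan layout; the sample plan, resource names and KMS ARN are constructed.

```python
import json

# Values Terraform's aws_athena_database accepts for encryption_option.
KNOWN_OPTIONS = {"SSE_S3", "SSE_KMS", "CSE_KMS"}


def walk_resources(module):
    """Yield every resource in a plan module, including nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def unencrypted_athena_databases(plan):
    """Return (address, reason) for each Athena database lacking at-rest encryption."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("mode") != "managed" or res.get("type") != "aws_athena_database":
            continue
        # Nested blocks appear in plan JSON as a list of objects; empty or absent means unset.
        blocks = (res.get("values") or {}).get("encryption_configuration") or []
        if not blocks:
            findings.append((res["address"], "no encryption_configuration block"))
        elif blocks[0].get("encryption_option") not in KNOWN_OPTIONS:
            findings.append((res["address"], "unrecognised encryption_option"))
    return findings


# Constructed sample plan (not real output): one bare database in the root
# module and one encrypted database inside a child module.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_athena_database.logs", "mode": "managed",
     "type": "aws_athena_database",
     "values": {"name": "logs", "encryption_configuration": []}}],
  "child_modules": [{"address": "module.analytics", "resources": [
    {"address": "module.analytics.aws_athena_database.events", "mode": "managed",
     "type": "aws_athena_database",
     "values": {"name": "events", "encryption_configuration": [
       {"encryption_option": "SSE_KMS",
        "kms_key": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}]}}]}]
}}}
""")

if __name__ == "__main__":
    for address, reason in unencrypted_athena_databases(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

The check reads only `planned_values`, so a `kms_key` that is not known until apply time does not cause a false finding.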
Impact
If the database is breached or accessed by unauthorized users, unencrypted data could be exposed, leading to potential data leaks or regulatory violations. Attackers or malicious insiders could read sensitive information stored in Athena without needing to bypass encryption.