Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The AWS Redshift parameter group is configured without enforcing SSL connections by omitting require_ssl = true. This means data sent to and from Redshift is not encrypted in transit.
Impact#
Without SSL enforced, sensitive information (such as credentials or query results) can be intercepted or read by attackers on the network, potentially leading to data breaches or unauthorized access to your Redshift cluster.