| Property | Value |
| --- | --- |
| Language | hcl |
| Severity | medium |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |

Description

The AWS KMS key is created without enabling automatic key rotation, which means the same encryption key is used indefinitely. This increases the risk that, if the key is ever compromised, attackers can decrypt sensitive data protected by it.

Impact

If key rotation is not enabled and a key is leaked or compromised, attackers could access all past and future data encrypted with that key. This could lead to unauthorized data exposure or loss of data confidentiality across your AWS environment.
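
The pattern this rule flags, beside the corrected resource. This Terraform is an added example, not taken from the original page; the resource names, descriptions and alias are constructed for illustration.

```hcl
# Flagged: enable_key_rotation is omitted. The AWS provider defaults it to
# false, so the same key material stays in use for the life of the key.
resource "aws_kms_key" "app_data_no_rotation" {
  description             = "Application data key (constructed example)"
  deletion_window_in_days = 30
}

# Corrected: automatic rotation is enabled on a symmetric encryption key.
resource "aws_kms_key" "app_data" {
  description              = "Application data key (constructed example)"
  key_usage                = "ENCRYPT_DECRYPT"
  customer_master_key_spec = "SYMMETRIC_DEFAULT"
  deletion_window_in_days  = 30
  enable_key_rotation      = true
}

# Callers reference the alias, so rotation needs no change on their side.
resource "aws_kms_alias" "app_data" {
  name          = "alias/app-data"
  target_key_id = aws_kms_key.app_data.key_id
}
```

Automatic rotation keeps the earlier key material so existing ciphertext still decrypts; it does not re-encrypt data that was already written. Data that must be cut off from a suspected-compromised key has to be re-encrypted under a new key.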