Missing Encryption of Sensitive Data
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
The AWS Kinesis stream resource is not configured to encrypt data at rest. This means any data stored in the stream is unprotected and could be accessed in plain text if the underlying storage is compromised.
Impact
If an attacker gains access to the Kinesis stream storage layer, they could read sensitive or confidential data directly. This exposes your organization to data breaches, regulatory violations, and potential reputational damage due to unprotected information.
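A pre-deployment check for the misconfiguration described above, as an added example that is not part of the original page or of the scanner it documents. It assumes the stream is defined as a Terraform `aws_kinesis_stream` resource (the page does not name the IaC tool) and reads the JSON produced by `terraform show -json`; the function name and the sample plan are constructed for illustration.

```python
import json

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_kinesis_stream.plain", "type": "aws_kinesis_stream",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"name": "orders", "encryption_type": "NONE"}}},
  {"address": "aws_kinesis_stream.managed_key", "type": "aws_kinesis_stream",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"name": "audit", "encryption_type": "KMS",
                        "kms_key_id": "alias/aws/kinesis"}}},
  {"address": "aws_kinesis_stream.new_cmk", "type": "aws_kinesis_stream",
   "change": {"actions": ["create"], "after_unknown": {"kms_key_id": true},
              "after": {"name": "billing", "encryption_type": "KMS"}}},
  {"address": "aws_kinesis_stream.no_key", "type": "aws_kinesis_stream",
   "change": {"actions": ["update"], "after_unknown": {},
              "after": {"name": "clicks", "encryption_type": "KMS",
                        "kms_key_id": null}}},
  {"address": "aws_kinesis_stream.retired", "type": "aws_kinesis_stream",
   "change": {"actions": ["delete"], "after_unknown": {}, "after": null}}
]}
""")

def unencrypted_kinesis_streams(plan):
    """Return {address: reason} for planned streams without at-rest encryption."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_kinesis_stream":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # stream is being deleted, nothing left to protect
            continue
        # Values computed at apply time are absent from "after" and
        # marked true in "after_unknown".
        unknown = change.get("after_unknown") or {}
        enc = after.get("encryption_type")
        if unknown.get("encryption_type"):
            reason = "encryption_type is not known until apply"
        elif (enc or "NONE").upper() != "KMS":
            reason = f"encryption_type is {enc or 'NONE'}, expected KMS"
        elif not after.get("kms_key_id") and not unknown.get("kms_key_id"):
            reason = "encryption_type is KMS but kms_key_id is not set"
        else:
            continue
        findings[rc["address"]] = reason
    return findings

if __name__ == "__main__":
    print(json.dumps(unencrypted_kinesis_streams(SAMPLE_PLAN), indent=2))
```

A stream whose `kms_key_id` refers to a key created in the same plan passes, because the key is listed under `after_unknown` rather than missing.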