Missing Encryption of Sensitive Data
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The Athena workgroup is configured to allow client-side overrides, meaning users can disable required encryption settings. This undermines enforced security controls and exposes sensitive query results to potential risks.
Impact#
If exploited, clients could run queries without encryption, leading to unprotected storage or transmission of sensitive data. This increases the risk of data breaches, regulatory non-compliance, and unauthorized access to confidential information.