Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The AWS SSM Document configuration does not enable encryption or logging for SSM logs, or uses unencrypted logs. This means sensitive operational data may be stored in plain text or not logged securely.
Impact#
Without proper encryption and logging, attackers or unauthorized users could access or tamper with sensitive SSM logs, potentially exposing confidential information or masking malicious activity. This increases the risk of data breaches and makes incident response more difficult.