Key Management Errors
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The AWS Backup vault resource is missing server-side encryption with a KMS key. This means backups stored in the vault are not protected at rest, leaving sensitive data unencrypted.
Impact
If an attacker gains access to the unencrypted backup vault, they could read or steal sensitive backup data. This exposes confidential information, increases the risk of data breaches, and may violate compliance requirements.
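The finding described above, shown as a flagged vault beside a corrected one. This is an added example, not code from the original page or from the rule's author. It assumes the resource is defined in Terraform with the AWS provider (the page does not name the language), and all resource names, the vault names and the alias are constructed placeholders.

```hcl
# Constructed example: every name below is a placeholder.

# Flagged: kms_key_arn is absent, which is the condition this finding reports.
resource "aws_backup_vault" "flagged" {
  name = "example-vault-flagged"
}

# Customer-managed KMS key dedicated to backups, with annual rotation enabled
# and a 30-day window before a scheduled deletion takes effect.
resource "aws_kms_key" "backup" {
  description             = "CMK for AWS Backup vault encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Alias so the key can be identified by purpose rather than by key ID.
resource "aws_kms_alias" "backup" {
  name          = "alias/example-backup-vault"
  target_key_id = aws_kms_key.backup.key_id
}

# Corrected: recovery points stored in this vault are encrypted under the
# key defined above, referenced by ARN.
resource "aws_backup_vault" "encrypted" {
  name        = "example-vault-encrypted"
  kms_key_arn = aws_kms_key.backup.arn
}
```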