Missing Encryption of Sensitive Data
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The AWS Athena Workgroup resource is missing encryption for its query results. Without configuring ’encryption_configuration’, data stored in Athena may be saved in plaintext and is not protected by AWS KMS.
Impact#
If encryption is not enabled, sensitive query results could be exposed if the storage location is compromised. Attackers or unauthorized users might gain access to confidential data, leading to data breaches, regulatory non-compliance, and reputational damage.