Property
Language: hcl
Severity: low
CWE: CWE-320: CWE CATEGORY: Key Management Errors
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The AWS Lambda function is configured with environment variables but does not specify a custom KMS encryption key. This means sensitive environment data relies only on default AWS-managed encryption, which may not meet stricter security requirements.

Impact

Without a dedicated KMS key, attackers with certain AWS privileges could potentially access or decrypt sensitive environment variables if the default managed key is compromised. This could lead to exposure of secrets such as API keys, database credentials, or other confidential information.
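
The configuration described above, shown as an added example that is not part of the original rule page: a function with environment variables and no key, next to the same function with `kms_key_arn` set to a customer-managed key. Resource names, the two variables, the runtime and the file path are assumptions made for illustration.

```hcl
# Constructed example; names, variables and file paths are placeholders.
variable "lambda_role_arn" { type = string }  # execution role ARN (assumed to exist)
variable "lambda_role_name" { type = string } # execution role name (assumed to exist)

# Flagged: environment variables are set but kms_key_arn is absent,
# so they are encrypted at rest with the default AWS-managed key only.
resource "aws_lambda_function" "flagged" {
  function_name = "example-flagged"
  role          = var.lambda_role_arn
  handler       = "index.handler"
  runtime       = "python3.12"
  filename      = "function.zip"

  environment {
    variables = { DB_HOST = "db.example.internal" }
  }
}

# Customer-managed key dedicated to the function's environment variables.
resource "aws_kms_key" "lambda_env" {
  description             = "Lambda environment variable encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Corrected: kms_key_arn points at the customer-managed key.
resource "aws_lambda_function" "encrypted" {
  function_name = "example-encrypted"
  role          = var.lambda_role_arn
  handler       = "index.handler"
  runtime       = "python3.12"
  filename      = "function.zip"
  kms_key_arn   = aws_kms_key.lambda_env.arn

  environment {
    variables = { DB_HOST = "db.example.internal" }
  }
}

# The execution role must be able to decrypt with the key, or the
# function cannot read its own environment variables at startup.
resource "aws_iam_role_policy" "lambda_env_decrypt" {
  name = "lambda-env-decrypt"
  role = var.lambda_role_name
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = ["kms:Decrypt"], Resource = aws_kms_key.lambda_env.arn }]
  })
}
```

Scoping `kms:Decrypt` to this one key keeps access to the environment variables limited to principals that are explicitly granted use of it.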