Missing Encryption of Sensitive Data
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description#
The AWS EBS volume is created without encryption enabled, meaning any data stored on the volume is not protected at rest. This exposes sensitive information if the underlying storage or snapshots are accessed by unauthorized parties.
Impact#
If the EBS volume or its snapshots are compromised, attackers could read unencrypted data, leading to potential data breaches, regulatory violations, and loss of sensitive information. This can seriously harm the organization’s reputation and security posture.