Missing Encryption of Sensitive Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The AWS DocumentDB cluster is configured without storage encryption enabled. This means data stored in the cluster is not protected at rest, making it vulnerable if the underlying storage is compromised.
Impact
If storage encryption is not enabled, attackers who gain access to the physical disks or backups could read sensitive database data. This exposes confidential information and could lead to data breaches, regulatory violations, and loss of trust.
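As an added example (not part of the original rule documentation), the check below flags the misconfiguration from the Description and also covers the backups mentioned under Impact. It assumes input shaped like DocumentDB's DescribeDBClusters and DescribeDBClusterSnapshots responses; the sample data is constructed and `audit_docdb_encryption` is a hypothetical helper name.

```python
# Added example: find DocumentDB clusters and snapshots without encryption at rest.
# Sample data is constructed; field names follow the DescribeDBClusters and
# DescribeDBClusterSnapshots response shapes.
SAMPLE_CLUSTERS = {"DBClusters": [
    {"DBClusterIdentifier": "orders-prod", "Engine": "docdb",
     "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
    {"DBClusterIdentifier": "analytics-dev", "Engine": "docdb",
     "StorageEncrypted": False},
    {"DBClusterIdentifier": "legacy-import", "Engine": "docdb"},  # field missing
    {"DBClusterIdentifier": "graph-prod", "Engine": "neptune",
     "StorageEncrypted": False},  # other engine, out of scope for this rule
]}
SAMPLE_SNAPSHOTS = {"DBClusterSnapshots": [
    {"DBClusterSnapshotIdentifier": "analytics-dev-nightly", "Engine": "docdb",
     "StorageEncrypted": False},
    {"DBClusterSnapshotIdentifier": "orders-prod-nightly", "Engine": "docdb",
     "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
]}


def _findings(items, id_key, kind):
    """Return one finding per DocumentDB item that is not encrypted at rest."""
    out = []
    for item in items:
        # The cluster listing can include other engines; keep only DocumentDB.
        if item.get("Engine") != "docdb":
            continue
        # Fail closed: a missing or non-True flag counts as unencrypted.
        if item.get("StorageEncrypted") is not True:
            out.append({"kind": kind, "id": item[id_key]})
    return out


def audit_docdb_encryption(clusters_resp, snapshots_resp):
    """Check live clusters first, then their snapshots (backups)."""
    clusters = clusters_resp.get("DBClusters", [])
    snapshots = snapshots_resp.get("DBClusterSnapshots", [])
    return (_findings(clusters, "DBClusterIdentifier", "cluster")
            + _findings(snapshots, "DBClusterSnapshotIdentifier", "snapshot"))


if __name__ == "__main__":
    for f in audit_docdb_encryption(SAMPLE_CLUSTERS, SAMPLE_SNAPSHOTS):
        print(f"UNENCRYPTED {f['kind']}: {f['id']}")
```

With boto3, the same dictionaries come from the `docdb` client's `describe_db_clusters()` and `describe_db_cluster_snapshots()` calls. DocumentDB only lets encryption at rest be chosen when a cluster is created, so a finding on a live cluster is fixed by creating a new encrypted cluster rather than by changing a setting.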