Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The AWS Elasticsearch domain is configured to allow TLS 1.0 connections. TLS 1.0 relies on outdated encryption algorithms that are no longer considered secure, which increases the risk of attackers intercepting or tampering with data in transit.
Impact
If exploited, attackers could decrypt or modify sensitive data transmitted between clients and the Elasticsearch service, potentially leading to data breaches or unauthorized access. This weakens the overall security of your cloud infrastructure and may violate compliance requirements.
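
One way to check deployed domains for the setting described above, as an added example that is not part of the original rule page: the script audits output shaped like `aws es describe-elasticsearch-domains`, where `DomainEndpointOptions.TLSSecurityPolicy` carries the minimum TLS version. The sample records, the TLS 1.2 baseline and the additional `EnforceHTTPS` check are assumptions of this example.

```python
import re

# Constructed sample shaped like the output of
# `aws es describe-elasticsearch-domains`; the domain names are made up.
SAMPLE = {"DomainStatusList": [
    {"DomainName": "logs-legacy", "DomainEndpointOptions": {
        "EnforceHTTPS": True, "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07"}},
    {"DomainName": "search-prod", "DomainEndpointOptions": {
        "EnforceHTTPS": True, "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"}},
    {"DomainName": "metrics-dev", "DomainEndpointOptions": {
        "EnforceHTTPS": False, "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"}},
    {"DomainName": "audit-old"},  # record with no endpoint options at all
]}

MIN_TLS = (1, 2)  # assumed baseline: reject anything that admits TLS < 1.2
POLICY_RE = re.compile(r"^Policy-Min-TLS-(\d+)-(\d+)-")


def audit_domain(domain):
    """Return the list of findings for one domain status record."""
    findings = []
    opts = domain.get("DomainEndpointOptions") or {}
    policy = opts.get("TLSSecurityPolicy")
    match = POLICY_RE.match(policy or "")
    if match is None:
        # Conservative choice: an absent or unknown policy is a finding.
        findings.append(f"TLS policy missing or unrecognised: {policy!r}")
    elif tuple(int(g) for g in match.groups()) < MIN_TLS:
        findings.append(f"{policy} allows TLS {'.'.join(match.groups())}")
    if not opts.get("EnforceHTTPS", False):
        findings.append("EnforceHTTPS is not enabled")
    return findings


def audit(response):
    """Map domain name -> findings, leaving out compliant domains."""
    report = {}
    for domain in response.get("DomainStatusList", []):
        findings = audit_domain(domain)
        if findings:
            report[domain.get("DomainName", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```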