Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The AWS Elastic Load Balancer (ELB) resource is configured without access logging enabled. Without logging, you won’t have records of traffic or activity passing through the load balancer.
Impact#
Without access logs, you lose visibility into requests and potential security incidents, making it difficult to audit activity, troubleshoot issues, or investigate breaches. This could allow malicious actions to go undetected and hinder compliance efforts.