Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
S3 bucket objects are being created without specifying a customer-managed KMS key for encryption. This means data at rest may not be fully protected or controlled by your organization.
Impact#
Without customer-managed KMS encryption, sensitive data stored in S3 could be more easily accessed if AWS defaults are compromised. This reduces control over key usage, access, and rotation, increasing the risk of unauthorized data exposure.