Missing Encryption of Sensitive Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The root block device for this AWS launch configuration is not encrypted. This means any data stored on the root volume is unprotected at rest, leaving sensitive information exposed if the storage is accessed by unauthorized parties.
Impact
If the underlying storage is compromised, for example through snapshot leaks, misconfigured permissions, or when it is decommissioned, an attacker could read the unencrypted data, including credentials, application secrets, or user data. This can lead to data breaches, regulatory violations, and loss of trust.
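The weak setting beside the corrected one, as an added example that is not part of the original rule page. It assumes the launch configuration is written in Terraform using the AWS provider's `aws_launch_configuration` resource; the resource names, AMI ID and instance type are constructed placeholders.

```hcl
# Weak: the root volume is created without encryption. Omitting the
# root_block_device block entirely has the same effect as far as this
# configuration is concerned, because encryption is never requested.
resource "aws_launch_configuration" "web_unencrypted" {
  name_prefix   = "web-"
  image_id      = "ami-00000000000000000" # constructed placeholder
  instance_type = "t3.micro"              # constructed placeholder

  root_block_device {
    encrypted = false
  }
}

# Corrected: encryption at rest is requested explicitly for the root volume.
resource "aws_launch_configuration" "web_encrypted" {
  name_prefix   = "web-"
  image_id      = "ami-00000000000000000" # constructed placeholder
  instance_type = "t3.micro"              # constructed placeholder

  root_block_device {
    encrypted = true
  }

  # A launch configuration cannot be edited in place, so this change
  # produces a replacement resource. Creating the new one before the old
  # one is destroyed keeps the Auto Scaling group pointed at a valid
  # configuration during the swap.
  lifecycle {
    create_before_destroy = true
  }
}
```

Encryption is applied when a volume is created, so instances already launched from the old configuration keep their unencrypted root volumes until they are replaced.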