Missing Encryption of Sensitive Data
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
An SQS queue is being created in AWS CDK without enabling encryption at rest. This means any data stored in the queue is not protected and could be read in plaintext if accessed.
Impact
If the queue data is compromised, sensitive messages could be exposed to unauthorized users, leading to data breaches or leaks. Lack of encryption increases the risk of compliance violations and may allow attackers to access confidential information if AWS infrastructure is breached.
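The condition described above can also be checked on the CloudFormation template that CDK synthesizes. The following is an added example, not the rule's own code: it flags every `AWS::SQS::Queue` that sets neither `KmsMasterKeyId` nor `SqsManagedSseEnabled`, the properties emitted when the `encryption` prop of `sqs.Queue` is set to a value such as `QueueEncryption.KMS_MANAGED` or `QueueEncryption.SQS_MANAGED`. The resource names and the template are constructed sample data, and `findUnencryptedQueues` is a hypothetical helper name.

```typescript
// Added example. The template is constructed sample data shaped like `cdk synth` output.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources?: Record<string, Resource> };
type Finding = { logicalId: string; reason: string };

const sampleTemplate: Template = {
  Resources: {
    OrdersQueue: { Type: "AWS::SQS::Queue" }, // no encryption configured
    AuditQueue: { Type: "AWS::SQS::Queue", Properties: { KmsMasterKeyId: "alias/aws/sqs" } },
    EventsQueue: { Type: "AWS::SQS::Queue", Properties: { SqsManagedSseEnabled: true } },
    LegacyQueue: { Type: "AWS::SQS::Queue", Properties: { SqsManagedSseEnabled: false } },
    BillingQueue: {
      Type: "AWS::SQS::Queue",
      Properties: { KmsMasterKeyId: { "Fn::GetAtt": ["BillingKey", "Arn"] } },
    },
    AlertsTopic: { Type: "AWS::SNS::Topic" }, // not a queue, ignored
  },
};

// Templates may carry booleans as real booleans or as the string "true".
function isTrue(value: unknown): boolean {
  return value === true || value === "true";
}

// Returns one finding per AWS::SQS::Queue that sets neither a KMS key nor SSE-SQS.
function findUnencryptedQueues(template: Template): Finding[] {
  const resources = template.Resources ?? {};
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(resources)) {
    const resource = resources[logicalId];
    if (resource.Type !== "AWS::SQS::Queue") continue;
    const props = resource.Properties ?? {};
    const kmsKey = props["KmsMasterKeyId"];
    // A key can be a literal alias/ARN or an intrinsic such as Fn::GetAtt.
    const hasKmsKey = kmsKey !== undefined && kmsKey !== null && kmsKey !== "";
    if (hasKmsKey || isTrue(props["SqsManagedSseEnabled"])) continue;
    const reason = "SqsManagedSseEnabled" in props
      ? "SqsManagedSseEnabled is disabled and no KmsMasterKeyId is set"
      : "neither KmsMasterKeyId nor SqsManagedSseEnabled is set";
    findings.push({ logicalId, reason });
  }
  return findings;
}

for (const f of findUnencryptedQueues(sampleTemplate)) {
  console.log(`${f.logicalId}: ${f.reason}`);
}
```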