Property
Language: terraform
Severity: high
Service: msk
Provider: AWS
Vulnerability Type: omission

Description

The MSK (Managed Streaming for Kafka) cluster is configured to allow unencrypted data transmission between clients and brokers or between cluster nodes. This exposes data in transit to potential interception, as communications are not secured with encryption protocols like TLS.

Impact

Without in-transit encryption, sensitive information such as messages, credentials, or configuration data sent through the Kafka cluster can be intercepted and read by unauthorized parties. This could lead to data breaches, unauthorized access, or compromise of confidential information within the organization.

Resolution

Enable in-transit encryption.
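
The following Terraform is an added example, not taken from this page or from any project's own code. It shows an `aws_msk_cluster` that permits unencrypted traffic beside the corrected form; the resource names, variables, Kafka version and instance type are constructed for illustration.

```hcl
# Constructed inputs: supply your own subnets and security groups.
variable "subnet_ids" { type = list(string) }
variable "security_group_ids" { type = list(string) }

# Flagged: plaintext is permitted on both paths.
resource "aws_msk_cluster" "flagged" {
  cluster_name           = "example-flagged" # constructed name
  kafka_version          = "3.6.0"           # constructed value
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids
    security_groups = var.security_group_ids
  }

  encryption_info {
    encryption_in_transit {
      # "TLS_PLAINTEXT" and "PLAINTEXT" both let clients connect without TLS.
      client_broker = "TLS_PLAINTEXT"
      # Broker-to-broker traffic inside the cluster is not encrypted.
      in_cluster = false
    }
  }
}

# Corrected: TLS only for clients, encryption between brokers.
resource "aws_msk_cluster" "encrypted" {
  cluster_name           = "example-encrypted" # constructed name
  kafka_version          = "3.6.0"             # constructed value
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids
    security_groups = var.security_group_ids
  }

  encryption_info {
    encryption_in_transit {
      client_broker = "TLS" # reject unencrypted client connections
      in_cluster    = true  # encrypt traffic between cluster nodes
    }
  }
}
```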