An MSK cluster allows unencrypted data at rest.
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | msk |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The MSK (Managed Streaming for Kafka) cluster is configured without encryption for data at rest. This means data stored on disk within the cluster is unprotected and could be accessed in plaintext if storage is compromised.
Impact
If exploited, attackers with access to the underlying storage could read sensitive Kafka data directly from disk, leading to potential data breaches, regulatory non-compliance, and exposure of confidential information.
Resolution
Enable at-rest encryption for the cluster.
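
The flagged and corrected forms side by side, as an added example that is not from the original page. It assumes the cluster is defined with the Terraform AWS provider (the page does not name the IaC language); the resource names, variables, Kafka version and instance type are constructed for illustration.

```hcl
# Hypothetical inputs for this example.
variable "subnet_ids" { type = list(string) }
variable "security_group_id" { type = string }

# Flagged: no encryption_info block sets an at-rest KMS key (the omission).
resource "aws_msk_cluster" "flagged" {
  cluster_name           = "example-flagged"
  kafka_version          = "3.6.0" # constructed value
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids
    security_groups = [var.security_group_id]
  }
}

# Customer managed key used for the cluster's data at rest.
resource "aws_kms_key" "msk" {
  description         = "MSK data at rest"
  enable_key_rotation = true
}

# Corrected: the at-rest encryption key is set explicitly.
resource "aws_msk_cluster" "encrypted" {
  cluster_name           = "example-encrypted"
  kafka_version          = "3.6.0" # constructed value
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids
    security_groups = [var.security_group_id]
  }

  encryption_info {
    encryption_at_rest_kms_key_arn = aws_kms_key.msk.arn
  }
}
```

Review the `terraform plan` output before applying this to an existing cluster, since the at-rest key is a creation-time setting in MSK.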