Aws Broker Broker Tls Disabled
Description
This detector identifies Amazon MSK clusters that have TLS encryption disabled either between clients and brokers or between the cluster's brokers. Running Kafka clusters without TLS encryption exposes data in transit to potential interception and manipulation, compromising the confidentiality and integrity of message streams.
Detection Strategy
• Reports a vulnerability when an MSK cluster uses PLAINTEXT (unencrypted) communication between clients and brokers instead of TLS encryption
• Reports a vulnerability when an MSK cluster has disabled encryption (TLS) for internal communication between brokers within the cluster
• Excludes serverless MSK clusters from the vulnerability check as they have encryption enabled by default
• Examines the EncryptionInTransit configuration for both ClientBroker and InCluster settings to determine the encryption status
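The strategy above, as an added example that is not Fluid Attacks' own detector code: an offline evaluator for cluster records in the shape of the Kafka API's DescribeClusterV2 response (`ClusterType`, `Provisioned.EncryptionInfo.EncryptionInTransit`), which is an assumption of this example, run over constructed sample clusters. It goes slightly beyond the text by also reporting the `TLS_PLAINTEXT` client-broker setting, since that setting still accepts unencrypted client connections.

```python
from typing import Dict, List


def _provisioned(name: str, client_broker: str, in_cluster: bool) -> Dict:
    """Build a constructed ClusterInfo-like record for a provisioned cluster."""
    return {
        "ClusterName": name,
        "ClusterType": "PROVISIONED",
        "Provisioned": {"EncryptionInfo": {"EncryptionInTransit": {
            "ClientBroker": client_broker, "InCluster": in_cluster}}},
    }


# Constructed sample data (assumed DescribeClusterV2 ClusterInfo shape).
CLUSTERS: List[Dict] = [
    _provisioned("orders-prod", "TLS", True),
    _provisioned("legacy-metrics", "PLAINTEXT", False),
    _provisioned("mixed-listeners", "TLS_PLAINTEXT", True),
    {"ClusterName": "events-serverless", "ClusterType": "SERVERLESS"},
]


def tls_findings(cluster: Dict) -> List[str]:
    """Return in-transit encryption findings for one cluster record.

    Serverless clusters are skipped because encryption is enabled by default.
    ClientBroker is reported unless it is exactly "TLS": PLAINTEXT has no
    encryption and TLS_PLAINTEXT still allows unencrypted client listeners.
    """
    if cluster.get("ClusterType") == "SERVERLESS":
        return []
    transit = (cluster.get("Provisioned", {})
               .get("EncryptionInfo", {})
               .get("EncryptionInTransit", {}))
    findings = []
    # When the keys are absent MSK applies its defaults (TLS, InCluster=True).
    if transit.get("ClientBroker", "TLS") != "TLS":
        findings.append("client-broker traffic allows PLAINTEXT")
    if transit.get("InCluster", True) is False:
        findings.append("broker-to-broker traffic is unencrypted")
    return findings


def scan(clusters: List[Dict]) -> Dict[str, List[str]]:
    """Map cluster name to its findings, omitting clusters with none."""
    report: Dict[str, List[str]] = {}
    for cluster in clusters:
        found = tls_findings(cluster)
        if found:
            report[cluster["ClusterName"]] = found
    return report
```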