409 – Non-encrypted confidential information - DynamoDB
Description
Some AWS DynamoDB instances are not encrypted, or use the default KMS encryption, which does not use a Customer Managed Key (CMK).
Impact
Obtain critical information from the databases in plaintext
Recommendation
Enable DynamoDB encryption for all instances using a custom KMS key.
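One way to audit for this finding, as an added example that is not part of the original page: the functions below classify tables from the `Table` structure returned by DynamoDB `DescribeTable` and the `KeyManager` value returned by KMS `DescribeKey`. The function names, table names and key ARNs are constructed for illustration, and the sample responses are embedded so the check runs offline.

```python
# Added example: classify DynamoDB tables by the key that protects them at rest.
# Inputs mirror DescribeTable ("Table" dict) and KMS DescribeKey (KeyManager is
# "AWS" or "CUSTOMER"). All sample data below is constructed.

def classify_table(table, key_manager_of):
    """Return 'CMK', 'AWS_MANAGED_KEY' or 'DEFAULT_KEY' for one table description.

    key_manager_of: callable mapping a KMS key ARN to KeyMetadata.KeyManager.
    """
    sse = table.get("SSEDescription") or {}
    # A missing or disabled SSEDescription means the default AWS owned key.
    if sse.get("Status") not in ("ENABLED", "ENABLING", "UPDATING"):
        return "DEFAULT_KEY"
    arn = sse.get("KMSMasterKeyArn")
    if sse.get("SSEType") != "KMS" or not arn:
        return "DEFAULT_KEY"
    # The ARN alone does not reveal who manages the key, so KMS has to be asked.
    # An unknown key fails closed: it is not reported as a CMK.
    return "CMK" if key_manager_of(arn) == "CUSTOMER" else "AWS_MANAGED_KEY"


def find_noncompliant(tables, key_manager_of):
    """Return (table name, finding) pairs for tables not protected by a CMK."""
    findings = []
    for table in tables:
        result = classify_table(table, key_manager_of)
        if result != "CMK":
            findings.append((table["TableName"], result))
    return findings


# Constructed sample data (account id and key ids are placeholders).
ARN_AWS = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000001"
ARN_CMK = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000002"
SAMPLE_KEY_MANAGERS = {ARN_AWS: "AWS", ARN_CMK: "CUSTOMER"}
SAMPLE_TABLES = [
    {"TableName": "sessions"},  # no SSEDescription in the response
    {"TableName": "orders", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": ARN_AWS}},
    {"TableName": "customers", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": ARN_CMK}},
]

if __name__ == "__main__":
    for name, finding in find_noncompliant(SAMPLE_TABLES, SAMPLE_KEY_MANAGERS.get):
        print(f"{name}: {finding}")
```

Against a live account, the table descriptions and the `key_manager_of` lookup would come from the DynamoDB and KMS APIs instead of the constructed dictionaries.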
Threat
Authenticated attacker from the Internet with access to the Database
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: L
- Attack Requirements: N
- Privileges required: H
- User interaction: N
- Confidentiality (VC): H
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P