Tag: information-leak

Insecure connection using unencrypted protocol

Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.

Client-side KMS reencryption

Client-side decryption followed by encryption is inefficient and can lead to sensitive data leaks.

Clear text credentials

Credentials that are stored in clear text can be intercepted by a malicious actor.

Sensitive information leak

Exposure of sensitive information can lead to an unauthorized actor having access to the information.

Loose file permissions

Weak file permissions can lead to privilege escalation.

Sensitive data stored unencrypted due to partial encryption

Encryption that is dependent on conditional logic, such as an if...then clause, might cause unencrypted sensitive data to be stored.