Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Wiz
FIN-737
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Not Verified
What It Detects
A Wiz-monitored asset has secrets stored in plaintext environment variables and has logging disabled. This is a critical blind spot: credentials are exposed in an easily extractable location, and there is no audit trail to detect if they have been accessed or exfiltrated. An attacker who obtains these credentials can use them without triggering any alerts.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Connectors
match
Wiz
Extra Data
and
[{'key': 'Key', 'value': 'wiz.no_env_var_secret', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Logging Enabled (True/False)
==
0
Remediation
×
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum