Vendor: Wiz
FIN-662
What It Detects
A KMS encryption key associated with a Wiz-monitored asset is publicly accessible. This critical misconfiguration allows any AWS account or anonymous principal to use the key for decryption, effectively bypassing all encryption protections on data encrypted with this key. This represents an immediate data compromise risk.
Checks (read-only)
Field | Operator | Value
Connectors | match | Wiz
Extra Data | and | [{'key': 'Key', 'value': 'wiz.kms_key_no_public_access', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Remediation
Why It Matters