SYM_CONF_0128 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Insufficiently Protected Credentials
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-522: Insufficiently Protected Credentials |
| OWASP | A02:2017 - Broken Authentication |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Database passwords are hardcoded directly in Terraform source files for AWS RDS resources. This exposes sensitive credentials in version control and to anyone with access to the codebase.
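The pattern described above, shown next to two ways of keeping the password out of the source. This is an added example, not taken from the wiki entry or the rule's own test cases; all resource names, identifiers and values are constructed.

```hcl
# Constructed example: names, sizes and the password literal are illustrative.

# Flagged: the master password is a string literal in the .tf file, so it is
# committed to version control with the rest of the configuration.
resource "aws_db_instance" "flagged" {
  identifier        = "example-flagged"
  engine            = "postgres"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = "app_admin"
  password          = "example-only-not-a-real-password"
}

# Alternative 1: RDS generates the master password and stores it in
# AWS Secrets Manager. No password attribute is set at all
# (manage_master_user_password cannot be combined with password).
resource "aws_db_instance" "managed" {
  identifier                  = "example-managed"
  engine                      = "postgres"
  instance_class              = "db.t3.micro"
  allocated_storage           = 20
  username                    = "app_admin"
  manage_master_user_password = true
}

# Alternative 2: the password arrives through a sensitive input variable,
# supplied at plan/apply time (for example via the TF_VAR_db_password
# environment variable) and never through a committed *.tfvars file.
variable "db_password" {
  type      = string
  sensitive = true # redacts the value in plan/apply output only
}

resource "aws_db_instance" "from_variable" {
  identifier        = "example-from-variable"
  engine            = "postgres"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = "app_admin"
  password          = var.db_password
}
```

With the second alternative the password is still written to the Terraform state in plaintext, so the state backend needs encryption and restricted access.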
Impact
If attackers or unauthorized users access the source code, they can obtain database credentials, potentially leading to unauthorized data access, data breaches, or service disruption. This compromises the security of your database and may violate compliance requirements.