SYM_CONF_0294 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
AWS credentials are being hard-coded directly in the Terraform configuration file. Storing secrets like access keys in source code makes them easy to accidentally expose or leak.
Impact
If these credentials are leaked, anyone with access could control your AWS resources, potentially leading to data loss, service disruption, or financial loss from unauthorized usage. Attackers could exploit these keys to compromise your cloud infrastructure.