SYM_GEN_0070 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | generic |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Low |
Description
The AWS Account ID is hardcoded directly into the source code. While not as sensitive as a password, exposing account identifiers in code can make it easier for attackers to target your AWS resources.
Impact
If the code is shared or leaked, attackers could use the AWS Account ID to launch phishing attacks, enumerate resources, or attempt unauthorized access. This increases the risk of your AWS environment being targeted, potentially leading to data breaches or service disruptions.
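A check for the pattern described above, as an added example that is not the rule's own implementation: it flags 12-digit account IDs only where the surrounding context makes them likely to be AWS account IDs, and redacts them in the report. The three context patterns, the placeholder allowlist and the sample input are assumptions made for this example.

```python
import re

# Contexts in which a bare 12-digit number is very likely an AWS account ID.
PATTERNS = {
    "arn": re.compile(r"arn:aws[a-z-]*:[a-z0-9-]*:[a-z0-9-]*:(\d{12}):"),
    "ecr-host": re.compile(r"(?<!\d)(\d{12})\.dkr\.ecr\."),
    "assignment": re.compile(
        r"(?i)account[_-]?id\w*\s*[:=]\s*[\"']?(\d{12})(?!\d)"),
}
# IDs commonly used as placeholders in AWS documentation (assumption:
# treated as non-findings here).
DOC_PLACEHOLDERS = {"123456789012", "111122223333"}


def find_account_ids(source):
    """Return sorted (line_no, context, redacted_id) findings for source text."""
    findings = set()
    for line_no, line in enumerate(source.splitlines(), start=1):
        for context, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                account_id = match.group(1)
                if account_id in DOC_PLACEHOLDERS:
                    continue
                # Redact so the report itself does not re-expose the value.
                findings.add((line_no, context, "********" + account_id[-4:]))
    return sorted(findings)


# Constructed sample: every identifier below is made up for this example.
SAMPLE = '''\
ROLE = "arn:aws:iam::480135792468:role/deploy"
AWS_ACCOUNT_ID = "480135792468"
image = "480135792468.dkr.ecr.eu-west-1.amazonaws.com/app:1.2"
doc_example = "arn:aws:s3:::my-bucket/key"
placeholder = "arn:aws:iam::123456789012:root"
order_number = 202401150001
account_id = os.environ["AWS_ACCOUNT_ID"]  # compliant: resolved at runtime
'''

if __name__ == "__main__":
    for line_no, context, redacted in find_account_ids(SAMPLE):
        print(f"line {line_no}: {context}: {redacted}")
```

The last sample line shows the compliant form: the ID is read from the environment at runtime, so nothing is flagged.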