SYM_GEN_0071 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Low |
Description
A bcrypt password hash was found directly in the codebase or configuration files. Storing hashed credentials in source code is insecure, as it can expose sensitive authentication data if the code is leaked or shared.
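An added example, not the rule's own pattern or code from the Symbiotic project: a small Python scanner for the kind of finding described above, which reports location and cost factor while redacting the digest. The regex, the function name `find_bcrypt_hashes`, and the sample config are assumptions made for illustration; the hash bodies are constructed filler.

```python
import re

# Assumed pattern for the modular-crypt bcrypt format (not the rule's own regex):
# "$2", optional variant letter, "$", two-digit cost, "$", then 53 characters
# (22 salt + 31 digest) from bcrypt's base64 alphabet.
BCRYPT_RE = re.compile(
    r"(?<![./A-Za-z0-9$])\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}(?![./A-Za-z0-9])"
)

def find_bcrypt_hashes(text, path="<memory>"):
    """Return one finding per bcrypt-shaped string, with the digest redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in BCRYPT_RE.finditer(line):
            cost = int(m.group(1))
            if not 4 <= cost <= 31:   # bcrypt only accepts costs 4..31
                continue
            token = m.group(0)
            findings.append({
                "path": path,
                "line": lineno,
                "cost": cost,
                # Keep prefix and cost only, so the report does not re-leak the hash.
                "redacted": token[: token.rindex("$") + 1] + "<redacted>",
            })
    return findings

# Constructed sample input; hash bodies are filler characters, not real digests.
SAMPLE_CONFIG = "\n".join([
    "admin_user: root",
    'admin_password_hash: "$2b$12$' + "A" * 53 + '"',
    "legacy: $2y$10$" + "./" * 26 + "x",
    "bad_cost: $2a$99$" + "B" * 53,
    "too_short: $2a$10$" + "C" * 20,
    "price: $20 per seat",
])

if __name__ == "__main__":
    for f in find_bcrypt_hashes(SAMPLE_CONFIG, "config.yml"):
        print(f"{f['path']}:{f['line']}: bcrypt hash, cost {f['cost']}: {f['redacted']}")
```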
Impact
If attackers gain access to the repository, they could use the exposed hashes to attempt offline attacks or leverage them to compromise user accounts. This can lead to unauthorized access, data breaches, and reputational damage for the organization.