SYM_GEN_0072 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Low |
Description
An Artifactory token appears to be present directly in the codebase. Storing authentication tokens in source code exposes sensitive credentials to anyone with code access, including version control history.
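The kind of check this finding describes, as an added example (not the rule's own regex or Symbiotic's code): it assumes Artifactory API keys begin with `AKC` followed by a long alphanumeric run, and adds an entropy filter (threshold assumed) to drop documentation placeholders. The sample input is constructed and contains no real credential.

```python
import math
import re

# Assumption: Artifactory API keys start with "AKC" followed by 10+ alphanumerics.
# Illustrative pattern only; the page does not publish the rule's actual regex.
TOKEN_RE = re.compile(r"\bAKC[A-Za-z0-9]{10,}\b")
MIN_ENTROPY = 3.0  # bits per character; assumed threshold to skip placeholders

# Constructed sample source file (the token below is made up).
SAMPLE = "\n".join([
    "# build settings",
    'ARTIFACTORY_URL = "https://artifactory.example.invalid"',
    'API_KEY = "AKCp5fX9kQ2mZ7wR4tY1nB6vC3hJ8dL0sG"',   # hard-coded: flag
    'DOC_PLACEHOLDER = "AKCxxxxxxxxxxxxxxxxxxxx"',        # low entropy: skip
    'token = os.environ["ARTIFACTORY_TOKEN"]',            # read at runtime: no match
])


def shannon_entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(token):
    """Keep the 4-character prefix so a report never re-leaks the secret."""
    return token[:4] + "*" * (len(token) - 4)


def find_tokens(text):
    """Return (line_number, redacted_token) for each likely hard-coded token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            token = match.group(0)
            if shannon_entropy(token) < MIN_ENTROPY:
                continue  # repeated-character placeholder, not a credential
            findings.append((lineno, redact(token)))
    return findings


if __name__ == "__main__":
    for lineno, token in find_tokens(SAMPLE):
        print(f"line {lineno}: possible Artifactory token {token}")
```

Because the description notes that version control history is also exposed, the same function can be run over the text of `git log -p` rather than only the current working tree.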
Impact
If an attacker obtains this token, they could gain unauthorized access to your Artifactory repositories, potentially allowing them to read, modify, or delete artifacts. This could lead to code theft, tampering with build artifacts, or disruption of your software supply chain.