SYM_GEN_0073 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
An Artifactory API token or password has been found directly in the codebase. Storing sensitive credentials in source code exposes them to anyone with code access, making it easy to accidentally leak secrets.
Impact
If an attacker obtains this token, they could gain unauthorized access to your Artifactory instance, potentially allowing them to read, modify, or delete artifacts and sensitive data. This can lead to compromise of build pipelines, distribution of malicious packages, and significant organizational risk.