SYM_GEN_0074 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Square OAuth secret key has been found directly in the codebase. Storing sensitive credentials like API secrets in code exposes them to anyone with code access and risks accidental leaks.
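The following is an added example, not the rule's own implementation: a small scanner that flags a hard-coded Square OAuth secret in source text and redacts it in the finding, next to a loader that reads the secret from the environment instead. The `sq0csp-` pattern is the commonly published shape of these secrets and is an assumption here, as are the variable name `SQUARE_APP_SECRET` and all sample values, which are constructed.

```python
import os
import re

# Assumed pattern: commonly published Square OAuth secret shape
# ("sq0csp-" prefix + 43 URL-safe characters); not taken from this rule.
SQUARE_OAUTH_SECRET = re.compile(
    r"(?<![0-9A-Za-z_-])sq0csp-[0-9A-Za-z_-]{43}(?![0-9A-Za-z_-])"
)

# Constructed placeholder value, not a real credential.
FAKE_SECRET = "sq0csp-" + "EXAMPLE0" * 5 + "XYZ"

# Constructed source file content: one hard-coded secret, one runtime lookup.
SAMPLE_SOURCE = f'''\
import os
SQUARE_APP_ID = "sq0idp-placeholder"
SQUARE_APP_SECRET = "{FAKE_SECRET}"
SQUARE_APP_SECRET = os.environ["SQUARE_APP_SECRET"]
'''

def redact(secret):
    """Keep the prefix and last 4 characters so findings are safe to log."""
    return secret[:7] + "*" * (len(secret) - 11) + secret[-4:]

def scan(text):
    """Return (line_number, redacted_match) for each hard-coded secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SQUARE_OAUTH_SECRET.finditer(line):
            findings.append((lineno, redact(m.group(0))))
    return findings

def load_secret(env=os.environ, name="SQUARE_APP_SECRET"):
    """Remediation side: read the secret from the environment, fail closed."""
    value = env.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set")
    return value

if __name__ == "__main__":
    for lineno, shown in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: possible Square OAuth secret {shown}")
```

A secret that has already been committed stays in version-control history, so a finding means rotating the secret in Square as well as removing it from the code.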
Impact
If an attacker obtains this secret, they could impersonate your application, gain unauthorized access to Square APIs, and potentially access or manipulate sensitive payment data. This could lead to financial loss, service disruptions, or compromise of customer information.