SYM_GEN_0075 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
An API key appears to be hardcoded directly into the codebase. Storing sensitive credentials in source code makes them easy to accidentally expose or leak.
Impact
If an attacker obtains this API key, they could gain unauthorized access to external services or systems, potentially leading to data breaches, service abuse, or financial loss for the organization.