SYM_GEN_0077 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Square Access Token has been found directly in the codebase. Storing sensitive credentials like API tokens in code exposes them to unauthorized access if the code is leaked or shared.
Impact
If an attacker obtains this access token, they could interact with your Square account’s APIs, potentially making unauthorized transactions, accessing sensitive customer data, or causing financial loss. This compromises both application security and user trust.