SYM_GEN_0078 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A PayPal Braintree access token appears to be hard-coded in the codebase. Storing sensitive credentials directly in source code can expose them to anyone with code access, including public repositories.
Impact
If an attacker obtains this access token, they could potentially perform unauthorized transactions, access payment data, or compromise user financial information. This could lead to financial loss, data breaches, and reputational damage for the organization.