SYM_GEN_0080 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
A Google API key has been found directly in the code or files, meaning sensitive credentials are exposed. Storing API keys in source code makes them easily accessible to anyone with code access.
Impact
If exposed, attackers can use your Google API key to access Google services on your behalf, potentially incurring costs, accessing sensitive data, or abusing your application's resources. This can lead to data breaches, service disruption, and financial loss.
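The following sketch shows how a finding of this kind can be produced and what the non-flagged form of the same code looks like. It is an added example, not the rule's own regex or code from the Symbiotic project. It assumes the widely documented key shape ("AIza" followed by 35 URL-safe characters); the environment variable name GOOGLE_MAPS_API_KEY, the file name app.py and the sample key are constructed.

```python
import re

# Assumption: the commonly documented Google API key shape, "AIza" plus 35
# URL-safe characters. The page does not show the regex the rule itself uses.
# The lookarounds skip matches buried inside a longer token (e.g. an encoded
# blob), one source of the false positives a low-confidence rule produces.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"
)


def redact(key):
    """Keep enough of the key to locate it in a report, never the whole secret."""
    return key[:8] + "..." + key[-4:]


def scan_text(text, path="<memory>"):
    """Return (path, line_number, redacted_key) for every candidate key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            findings.append((path, lineno, redact(match.group(0))))
    return findings


# Constructed, non-functional key assembled from filler characters.
FAKE_KEY = "AIza" + "Sy" + "A1b2C3d4E5" * 3 + "_-x"

# Constructed sample file: line 2 is the hard-coded form, line 3 the form that
# reads the key at runtime (hypothetical variable name), line 4 a longer token
# that merely contains the pattern.
SAMPLE_SOURCE = "\n".join([
    "import os",
    f'MAPS_KEY = "{FAKE_KEY}"',
    'MAPS_KEY = os.environ["GOOGLE_MAPS_API_KEY"]',
    f'blob = "x{FAKE_KEY}yz"',
])

if __name__ == "__main__":
    for path, lineno, key in scan_text(SAMPLE_SOURCE, "app.py"):
        print(f"{path}:{lineno}: possible Google API key {key}")
```

A key that has been committed stays in version history after the line is changed, so a finding normally means rotating the key as well as moving it out of the source.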