SYM_GEN_0082 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
HockeyApp API keys or credentials are hard-coded directly in the code. This exposes sensitive secrets, making them easy to extract from the source or deployed application.
Impact
If attackers obtain the hard-coded HockeyApp credentials, they could access your app's crash reports, download private builds, or manipulate your HockeyApp account. This can lead to data leaks, unauthorized access, or compromise of your application's distribution and diagnostic information.