SYM_GEN_0083 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
A Facebook access token has been found exposed in the code. Storing access tokens in source files makes them easily accessible to anyone with code access, which is insecure and violates best practices for handling secrets.
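The kind of regex check this rule describes can be sketched as follows. This is an added example, not the rule's own pattern or Symbiotic's code: it assumes Facebook tokens start with `EAA` followed by a long alphanumeric run, and `TOKEN_RE`, `CONTEXT_RE`, `redact` and `scan` are hypothetical names. Matches are redacted so the scan report does not become a second copy of the secret.

```python
import re

# Assumption: Facebook access tokens typically begin with "EAA" followed by a
# long alphanumeric run. Illustrative pattern only, not SYM_GEN_0083's regex.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9])EAA[A-Za-z0-9]{30,}(?![A-Za-z0-9])")

# Words on the same line that make a literal more likely to be a live credential.
CONTEXT_RE = re.compile(r"(?i)\b(access_?token|fb|facebook|graph)\w*")


def redact(token: str) -> str:
    """Keep only a short prefix so reports and CI logs never carry the secret."""
    return f"{token[:6]}...[{len(token)} chars]"


def scan(source: str) -> list:
    """Return one finding per candidate token: line, redacted value, confidence."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            # A bare pattern hit is low confidence; naming context raises it.
            confidence = "medium" if CONTEXT_RE.search(line) else "low"
            findings.append({
                "line": lineno,
                "token": redact(match.group()),
                "confidence": confidence,
            })
    return findings


# Constructed sample input; both token values are fake.
FAKE_A = "EAA" + "b2" * 20
FAKE_B = "EAA" + "Zx9" * 12
SAMPLE = "\n".join([
    "import os",
    'FB_ACCESS_TOKEN = "' + FAKE_A + '"',        # hard-coded: should be flagged
    'token = os.environ["FB_ACCESS_TOKEN"]',     # read at runtime: not flagged
    'blob = "' + FAKE_B + '"',                   # pattern hit without context
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The third sample line, which reads the token from the environment at runtime, produces no finding; that is the form the hard-coded assignment should be changed to, with the exposed token revoked and reissued.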
Impact
If exposed, attackers could use the token to access or manipulate your Facebook application's data, impersonate users, or perform unauthorized actions on behalf of your app. This can lead to data breaches, compromised accounts, and reputational damage.