SYM_GEN_0085 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | generic |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
Usernames and passwords are included directly in URIs within the code. This exposes sensitive credentials in plain text, making them easily accessible to anyone who can view the code, logs, or network traffic.
Impact
If exploited, attackers could steal these hard-coded credentials to gain unauthorized access to databases, servers, or other services, potentially leading to data breaches, service disruption, or further compromise of your systems.
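The pattern in the Description can be checked for mechanically. The following is an added example, not part of the Symbiotic rule itself: a Python scanner that reports URIs carrying a literal password, redacting the value so the finding is safe to log, plus a remediated builder that takes credentials from the environment. The regular expressions, the `DB_USER` / `DB_PASSWORD` variable names and the sample hosts are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Matches scheme://user:password@host (assumed pattern, not the rule's own).
URI_CRED_RE = re.compile(
    r"(?P<scheme>[a-zA-Z][a-zA-Z0-9+.-]*)://"
    r"(?P<user>[^\s:/@'\"]+):(?P<password>[^\s/@'\"]+)@(?P<host>[^\s/:'\"]+)"
)
# Password slots that are template or variable references, not literals.
PLACEHOLDER_RE = re.compile(r"^(\$\{?\w+\}?|\{\{?[\w.]+\}?\}|<[^>]+>|%s|\*+)$")


def find_hardcoded_uri_credentials(text):
    """Return (line_no, redacted_uri) for each URI with a literal password."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in URI_CRED_RE.finditer(line):
            if PLACEHOLDER_RE.match(m.group("password")):
                continue  # value is injected at runtime, not hard-coded
            # Never echo the secret into scanner output or logs.
            redacted = f"{m.group('scheme')}://{m.group('user')}:***@{m.group('host')}"
            findings.append((line_no, redacted))
    return findings


def build_uri(scheme, host, path, env):
    """Remediated form: credentials are read from the environment mapping
    (pass os.environ in practice) and percent-encoded for the userinfo part."""
    user = quote(env["DB_USER"], safe="")
    password = quote(env["DB_PASSWORD"], safe="")
    return f"{scheme}://{user}:{password}@{host}/{path}"


# Constructed sample input (not taken from the page).
SAMPLE = '''\
DATABASE_URL = "postgres://app:S3cr3tPw@db.example.internal:5432/orders"
CACHE_URL = "redis://cache:${REDIS_PASSWORD}@cache.example.internal:6379/0"
DOCS = "https://example.com/path?a=b:c@d"
'''

if __name__ == "__main__":
    for line_no, uri in find_hardcoded_uri_credentials(SAMPLE):
        print(f"line {line_no}: {uri}")
```

A URI built by `build_uri` still contains the password at runtime, so it should be passed to the client library only and logged in redacted form.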