SYM_GEN_0087 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | High |
Description
A live (production) Onfido API token is embedded directly in the source code. A credential committed to a repository is readable by everyone with access to that repository, including its full history, forks, clones, CI logs and build artifacts, so it cannot be treated as secret: any of those readers can misuse it, and removing it from the current revision does not undo the exposure.
Impact
An attacker who obtains this token can call the Onfido API as your application, with whatever permissions the token carries: reading sensitive applicant data submitted for identity verification, submitting or manipulating fraudulent identity checks, or driving up usage charges. This can lead to data breaches, loss of trust, and financial or legal repercussions for your organization. Because the token is live rather than sandbox, treat it as compromised once it has been committed: revoke it and issue a replacement, then supply the new token at runtime from the environment or a secrets manager instead of from source.
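The following is an added example written for this page, not the database's own rule or any Onfido code. It shows the two halves a practitioner wants for this finding: a detector that runs a live-token regex over source text and reports matches redacted, and the hardened pattern that reads the token from the environment and fails closed when it is absent. The regex assumes the token shape `api_live.<segment>.<segment>` (optionally `api_live_us.` / `api_live_ca.`) and is an assumption for illustration; the sample source lines are constructed and the token values in them are fake.

```python
"""Detect and remediate a hard-coded Onfido live API token (CWE-798).

Added example; not part of the original wiki page or any Onfido SDK.
"""
import os
import re
from typing import List, Mapping, Optional, Tuple

# ASSUMPTION (illustrative, not verified against Onfido docs): a live token is
# "api_live." with an optional two-letter region suffix, followed by two
# dot-separated base64url-style segments. Sandbox tokens ("api_sandbox.")
# deliberately do not match, mirroring the rule's focus on live credentials.
ONFIDO_LIVE_TOKEN = re.compile(
    r"\bapi_live(?:_[a-z]{2})?\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}"
)

# Constructed sample source: one live token checked in (should be flagged),
# one sandbox token (should not), and the hardened env-var pattern (should not).
SAMPLE_SOURCE = """\
import onfido
# BAD: live credential checked into source
api = onfido.Api("api_live.AbCdEfGh1234.ZyXwVuTsRqPoNmLk9876")
sandbox = onfido.Api("api_sandbox.AbCdEfGh1234.ZyXwVuTsRqPoNmLk9876")
token = os.environ["ONFIDO_API_TOKEN"]
"""


def find_hardcoded_tokens(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, token) for every live token embedded in `source`."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in ONFIDO_LIVE_TOKEN.finditer(line):
            hits.append((lineno, match.group(0)))
    return hits


def redact(token: str) -> str:
    """Keep only the prefix so a finding can be reported without re-leaking it."""
    prefix = token.split(".", 1)[0]
    return f"{prefix}.***"


def load_onfido_token(env: Optional[Mapping[str, str]] = None) -> str:
    """Hardened form: take the token from the environment, fail closed if unset."""
    env = os.environ if env is None else env
    token = env.get("ONFIDO_API_TOKEN", "")
    if not token:
        raise RuntimeError("ONFIDO_API_TOKEN is not set; refusing to start")
    return token


if __name__ == "__main__":
    for lineno, tok in find_hardcoded_tokens(SAMPLE_SOURCE):
        print(f"line {lineno}: hard-coded Onfido live token {redact(tok)}")
```

Run against the embedded sample it reports only line 3; the sandbox token and the environment lookup are left alone. The redaction is deliberate: a scanner that prints the full secret into a CI log has just created a second leak.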