SYM_GEN_0088 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A MailChimp API key has been found hard-coded in the codebase. Storing API keys in source code exposes sensitive credentials that should be kept private.
Impact
If exposed, attackers could use the API key to access or manipulate your MailChimp account, potentially sending unauthorized emails, viewing mailing lists, or accessing sensitive data. This can lead to data breaches, account abuse, and reputational damage.
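The following is an added example, not the rule's own pattern or code from the Symbiotic database: a small scanner that flags MailChimp-shaped key literals in source text, next to the remediated form that loads the key from the environment. The regex (32 lowercase hex characters, `-us`, and a data-centre number), the `MAILCHIMP_API_KEY` variable name, the `settings.py` file name and the sample key are assumptions made for illustration.

```python
import os
import re

# Assumed key shape: 32 lowercase hex chars, "-us", data-centre number.
# This is an illustrative pattern, not the regex used by SYM_GEN_0088.
MAILCHIMP_KEY = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}-us[0-9]{1,2}(?![0-9])")

def redact(key):
    """Keep only enough of the key to locate it; never log it whole."""
    return key[:4] + "..." + key[key.index("-"):]

def scan(text, path="<memory>"):
    """Return (path, line_no, redacted_key) for each key-shaped literal."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in MAILCHIMP_KEY.finditer(line):
            findings.append((path, line_no, redact(match.group())))
    return findings

def load_api_key(env=os.environ):
    """Remediated form: the key comes from the environment, not the source."""
    key = env.get("MAILCHIMP_API_KEY")  # variable name is an assumption
    if not key or not MAILCHIMP_KEY.fullmatch(key):
        raise RuntimeError("MAILCHIMP_API_KEY is missing or malformed")
    return key

# Constructed sample; the key below is a made-up value, not a real credential.
SAMPLE = '''\
import requests
API_KEY = "0123456789abcdef0123456789abcdef-us12"   # hard-coded: flagged
COMMIT = "0123456789abcdef0123456789abcdef01234567"  # git SHA: not flagged
api_key = os.environ["MAILCHIMP_API_KEY"]            # from env: not flagged
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE, "settings.py"):
        print("%s:%d: hard-coded MailChimp API key %s" % finding)
```

A key that has already been committed stays in repository history, so a finding should lead to revoking and reissuing the key as well as removing the literal.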