SYM_GEN_0090 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
A Stripe Restricted API Key has been found hard-coded in the codebase. Storing sensitive API keys directly in code can expose them to unauthorized users if the code is leaked or shared.
Impact
If an attacker obtains this API key, they may be able to access or interact with your Stripe account in ways permitted by the key's restrictions, potentially leading to unauthorized transactions, data exposure, or abuse of payment services. This can result in financial loss and compromise of sensitive business operations.