SYM_GEN_0092 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Kolide API key appears to be hard-coded or exposed in your codebase. Exposing secret credentials in source code can allow unauthorized access to Kolide services.
Impact
If this API key is leaked, attackers could gain control over your Kolide instance, potentially accessing sensitive data, executing commands, or altering configurations. This may lead to data breaches, unauthorized activity, or loss of control over your infrastructure.