SYM_GEN_0093 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Mailgun API key has been found hard-coded in the codebase, which exposes sensitive credentials directly in source files. Storing API keys in code makes them accessible to anyone with code access, including unauthorized users.
Impact
If an attacker obtains the Mailgun API key, they could send emails, access email logs, or abuse your Mailgun account, potentially leading to spam, data breaches, or financial loss. This could also compromise your application's reputation and result in unauthorized use of your email infrastructure.