SYM_GEN_0094 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
An AWS session token has been found directly in the codebase. Storing sensitive credentials like AWS tokens in code exposes them to anyone with code access, making the application insecure.
Impact
If attackers gain access to the exposed AWS session token, they could use it to authenticate as your application, potentially accessing, modifying, or deleting AWS resources. This could lead to data breaches, service disruption, and significant financial or reputational damage.
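The kind of check that produces the finding described above, as an added example that is not the SYM_GEN_0094 rule itself: the pattern, the 100-character minimum, the `scan` helper and the sample lines are assumptions constructed for illustration. It flags a session-token key assigned a literal value, ignores a value read from the environment, and redacts the match in its report.

```python
import re

# Assumed heuristic, not the SYM_GEN_0094 pattern: a session-token key name
# assigned a long base64-looking literal. The 100-character floor is an assumption.
HARDCODED_TOKEN = re.compile(
    r"""(?ix)
    (?P<key>aws_?session_?token)\b     # AWS_SESSION_TOKEN, aws_session_token, awsSessionToken
    ["']?\s*[:=]\s*["']?               # assignment or mapping separator, optional quotes
    (?P<value>[A-Za-z0-9+/=]{100,})    # literal value embedded in the file
    """
)


def scan(source: str):
    """Return (line_number, key, redacted_value) for each suspected hard-coded token."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        match = HARDCODED_TOKEN.search(line)
        if match:
            value = match.group("value")
            # Redact so the report does not become another copy of the secret.
            redacted = f"{value[:4]}...({len(value)} chars)"
            findings.append((number, match.group("key"), redacted))
    return findings


# Constructed placeholder and sample lines; not a real token or real project code.
FAKE_TOKEN = "EXAMPLE" + "A" * 200
SAMPLE = "\n".join([
    "import os, boto3",
    f'AWS_SESSION_TOKEN = "{FAKE_TOKEN}"',                                          # flagged
    'session = boto3.Session(aws_session_token=os.environ["AWS_SESSION_TOKEN"])',  # not flagged
    f"aws_session_token: {FAKE_TOKEN}",                                             # flagged
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Line 3 of the sample is the form that does not trigger the check: the token is supplied at run time through the environment, so no credential value is stored in the file.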