SYM_GEN_0095 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive secret values, such as API keys or credentials, are hard-coded directly into the source code. Storing secrets in code makes them easily accessible to anyone with code access and increases the risk of accidental exposure.
Impact
If attackers gain access to these secrets, they can compromise accounts, access sensitive data, or perform unauthorized actions in external systems. This can lead to data breaches, service abuse, and loss of control over critical resources.