SYM_GEN_0097 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Cryptographic Key
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-321: Use of Hard-coded Cryptographic Key |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A JWT (JSON Web Token) appears to be directly included in the codebase. Hardcoding tokens exposes sensitive authentication data, making it accessible to anyone with access to the code.
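One way to implement the check described above, as an added example that is not the rule's own pattern from this database: a Python scanner that matches JWT-shaped strings with a regex, then decodes the header and payload to discard look-alikes that a regex alone would flag. The regex, the function names, and the sample source are assumptions constructed for illustration.

```python
import base64
import json
import re

# Header and payload are JSON objects, so both segments start with "eyJ" (base64url of '{"').
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]*")

def b64url_json(segment):
    """Decode one base64url segment to a dict; return None if it is not a JSON object."""
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
        obj = json.loads(raw)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def find_hardcoded_jwts(source):
    """Return (line_number, alg, has_exp) for every string that decodes as a JWT."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for match in JWT_RE.finditer(line):
            header_seg, payload_seg, _sig = match.group(0).split(".")
            header, payload = b64url_json(header_seg), b64url_json(payload_seg)
            # A real JWT header carries "alg"; anything else is a regex look-alike.
            if header is None or payload is None or "alg" not in header:
                continue
            # A token without "exp" does not expire on its own, which raises triage priority.
            findings.append((lineno, header["alg"], "exp" in payload))
    return findings

def seg(obj):
    """Encode a dict as an unpadded base64url JSON segment (used to build the sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample input: the token is built here and its signature is a dummy value.
SAMPLE_TOKEN = ".".join([seg({"alg": "HS256", "typ": "JWT"}), seg({"sub": "demo-user"}), "c2lnbmF0dXJl"])
SAMPLE_SOURCE = "\n".join([
    'API_URL = "https://api.example.test"',
    f'AUTH = "Bearer {SAMPLE_TOKEN}"',
    'NOTE = "eyJunk12.eyJunk34.abc"  # matches the regex but is not a JWT',
    'token = os.environ["SERVICE_TOKEN"]  # loaded at runtime, nothing to flag',
])

if __name__ == "__main__":
    for lineno, alg, has_exp in find_hardcoded_jwts(SAMPLE_SOURCE):
        print(f"line {lineno}: hardcoded JWT (alg={alg}, expires={'yes' if has_exp else 'no'})")
```

Any finding should be treated as a leaked credential: revoke or rotate the token and load its replacement from a secret store or environment variable at runtime.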
Impact
If attackers gain access to hardcoded JWTs, they may be able to impersonate users, access protected resources, or escalate privileges within your application. This can lead to unauthorized data exposure, account compromise, and broader security breaches.