SYM_GEN_0098 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
An AWS AppSync GraphQL API key has been found directly in the code or configuration. Storing sensitive credentials like API keys in source code makes them easy to leak or expose accidentally.
Impact
If an attacker obtains this API key, they could access or manipulate your AppSync GraphQL API, potentially exposing or altering sensitive data and incurring unexpected costs. This could lead to data breaches, unauthorized actions, and compromise of your cloud environment.