SYM_GEN_0099 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Twilio API key has been found directly in the codebase. Storing secret credentials in source code exposes them to anyone with code access, making it easy for attackers to misuse your Twilio account.
Impact
If an attacker obtains this API key, they could send messages, make calls, or access sensitive Twilio data using your account. This could lead to financial loss, unauthorized access to communications, and potential abuse of your organization's services.