SYM_GEN_0100 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
An AWS Secret Access Key appears to be hard-coded directly into the codebase. Storing sensitive credentials in code exposes them to anyone with access to the repository, making them easy to leak or misuse.
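The sketch below is an added example, not the SYM_GEN_0100 rule (this page does not show the rule's pattern). It illustrates how a regex check for this finding can work and why such checks carry low confidence: 40-character strings are common, so it requires a nearby key name and filters low-entropy filler. The pattern, the entropy threshold and the sample lines are assumptions; the key in the sample is the placeholder used in AWS documentation.

```python
import math
import re
from collections import Counter

# Assumed heuristic, not the SYM_GEN_0100 pattern: a 40-character
# base64-style token assigned to a name mentioning an AWS secret.
CANDIDATE = re.compile(
    r"""
    aws[\w.-]{0,20}secret[\w.-]{0,20}      # name, e.g. aws_secret_access_key
    ["']?\s*[:=]\s*["']?                   # assignment or key/value separator
    ([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+=])  # exactly 40 key characters
    """,
    re.IGNORECASE | re.VERBOSE,
)


def shannon_entropy(token):
    """Bits per character; random keys score high, filler text scores low."""
    total = len(token)
    return -sum(n / total * math.log2(n / total) for n in Counter(token).values())


def find_hardcoded_secrets(text, min_entropy=4.0):
    """Return (line number, redacted token) for each likely hard-coded key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = CANDIDATE.search(line)
        if match and shannon_entropy(match.group(1)) >= min_entropy:
            # Report only a short prefix so the scanner output does not leak the key.
            findings.append((lineno, match.group(1)[:4] + "..."))
    return findings


# Constructed sample input; line 2 holds the AWS documentation placeholder key.
SAMPLE = "\n".join([
    'region = "us-east-1"',
    'aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"',
    'AWS_SECRET_ACCESS_KEY = "' + "x" * 40 + '"',                   # filler, entropy 0
    'aws_secret_access_key = os.environ["AWS_SECRET_ACCESS_KEY"]',  # read at runtime
    'commit = "9fceb02d0ae598e95dc970b74767f19372d61af8"',          # 40 chars, no key name
])

if __name__ == "__main__":
    for lineno, token in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: possible AWS secret access key {token}")
```

Only line 2 of the sample is reported; line 4 shows the usual fix, where the value is supplied by the environment at runtime instead of being stored in the repository.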
Impact
If attackers obtain this key, they can gain full access to your AWS resources, potentially leading to data theft, service disruption, financial loss, and unauthorized changes to your cloud infrastructure. This can severely compromise both security and business operations.