SYM_GEN_0103 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A SendGrid API key has been found directly in the code or repository. Storing sensitive credentials in source code exposes them to anyone with access to the codebase.
Impact
If an attacker obtains this API key, they could send emails on behalf of your organization, access sensitive email data, or abuse your SendGrid account, potentially leading to spam, phishing, or reputational damage.