SYM_GEN_0105 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Slack API token has been found in the codebase. Storing sensitive credentials like Slack tokens in code makes them accessible to anyone with code access, which is insecure.
Impact
If an attacker obtains this token, they could access your Slack workspace, read or send messages, and perform actions as if they were an authorized user or bot. This could lead to data leaks, unauthorized command execution, or disruption of team communications.