SYM_GEN_0106 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Telegram Bot API key has been found directly in the codebase. Hard-coding sensitive credentials like API keys exposes them to anyone with access to the code, making them vulnerable to misuse.
Impact
If an attacker obtains this API key, they could impersonate your bot, send unauthorized messages, access private conversations, or disrupt your Telegram service. This could lead to data leaks, spam, or the compromise of your application's reputation and user trust.