SYM_GEN_0107 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Amazon MWS (Marketplace Web Service) authentication tokens have been found directly in the codebase. Storing sensitive credentials like Auth Tokens in source code exposes them to anyone with code access, making them vulnerable to leaks.
Impact
If an attacker obtains an exposed Amazon MWS Auth Token, they could gain unauthorized access to your Amazon seller account data and perform actions such as retrieving orders or altering listings. This could lead to data breaches, financial loss, and damage to business operations or reputation.
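
Detection example
A small scanner for the finding described above, as an added example that is not the Symbiotic rule's own code. It assumes the widely used token shape `amzn.mws.` followed by a UUID (the page does not give the rule's expression); `scan_text`, `redact` and the sample token are constructed for illustration.

```python
import re

# Assumed token shape: "amzn.mws." followed by a UUID.
# This is not necessarily the exact expression SYM_GEN_0107 uses.
MWS_TOKEN_RE = re.compile(
    r"amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
    re.IGNORECASE,
)


def redact(token):
    """Keep only the prefix and last 4 characters so a report does not re-leak the secret."""
    return "amzn.mws.****-" + token[-4:]


def scan_text(text, path="<memory>"):
    """Return (path, line_number, redacted_token) for every token-shaped match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in MWS_TOKEN_RE.finditer(line):
            findings.append((path, lineno, redact(match.group(0))))
    return findings


# Constructed sample: token embedded in source (the pattern this rule flags).
SAMPLE_HARDCODED = '''\
import os
MWS_AUTH_TOKEN = "amzn.mws.00000000-1111-2222-3333-444444444444"
'''

# Constructed sample: token supplied at runtime, nothing secret in the file.
SAMPLE_FROM_ENV = '''\
import os
MWS_AUTH_TOKEN = os.environ["MWS_AUTH_TOKEN"]
'''

if __name__ == "__main__":
    for name, source in (("hardcoded.py", SAMPLE_HARDCODED),
                         ("from_env.py", SAMPLE_FROM_ENV)):
        hits = scan_text(source, name)
        print(name, hits if hits else "clean")
```

A token that this kind of scan finds in a repository should be treated as exposed and replaced, not only deleted from the file.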