SYM_GEN_0110 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A PGP private key has been found directly in the codebase, which means sensitive cryptographic credentials are exposed. Private keys should never be hardcoded or stored in source control.
Impact
If this private key is leaked, attackers could decrypt confidential data, impersonate users, or gain unauthorized access to secure systems, leading to data breaches or loss of trust.