SYM_GEN_0111 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Heroku API key has been found directly in the codebase. Exposing sensitive credentials in code allows anyone with access to the repository to misuse your Heroku account.
Impact
If an attacker obtains this API key, they can access, modify, or delete your Heroku apps and data, potentially resulting in service downtime, data breaches, or unexpected costs for your organization.
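The following is an added example, not the rule's own pattern or SymbioticSec code (the rule's regex is not shown on this page): it flags UUID-shaped literals assigned to identifiers containing `heroku`, and shows the hardened form that reads the key from the environment. It assumes the legacy UUID-shaped key format; `HARDCODED`, `find_hardcoded_heroku_keys` and `load_heroku_key` are illustrative names, and the sample key values are constructed.

```python
import os
import re

# Assumption: legacy Heroku API keys are UUID-shaped; this is not the rule's real pattern.
UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# "heroku" in the identifier, an assignment operator, then a quoted UUID literal.
HARDCODED = re.compile(
    r"(?i)\bheroku[\w.\- ]{0,20}?[\"']?\s*(?:=>|=|:)\s*[\"'](" + UUID + r")[\"']"
)

def redact(secret):
    """Keep only the first 4 characters so findings can be logged safely."""
    return secret[:4] + "*" * (len(secret) - 4)

def find_hardcoded_heroku_keys(source):
    """Return (line_number, redacted_value) for each suspected hard-coded key."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in HARDCODED.finditer(line):
            findings.append((number, redact(match.group(1))))
    return findings

def load_heroku_key(env=os.environ):
    """Hardened form: read the key from the environment, fail closed if absent."""
    key = env.get("HEROKU_API_KEY")  # the variable the Heroku CLI also reads
    if not key:
        raise RuntimeError("HEROKU_API_KEY is not set")
    return key

# Constructed sample file contents; the key values are made up.
SAMPLE = """\
HEROKU_API_KEY = "12345678-90ab-cdef-1234-567890abcdef"
heroku_api_key = os.environ["HEROKU_API_KEY"]
request_id = "0f8fad5b-d9cb-469f-a165-70867728950e"
config = {"heroku_token": '89abcdef-0123-4567-89ab-cdef01234567'}
"""

if __name__ == "__main__":
    for number, value in find_hardcoded_heroku_keys(SAMPLE):
        print(f"line {number}: possible Heroku API key {value}")
```

A UUID-shaped value is not unique to API keys, so each match needs review; a confirmed key should be revoked and reissued, since it remains in repository history after the line is removed.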