SYM_GEN_0113 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Stripe API secret key has been found directly in the codebase. Exposing sensitive credentials in source code makes them vulnerable to accidental leaks or unauthorized access.
Impact
If an attacker gains access to this secret key, they could perform unauthorized transactions, access customer payment data, or make changes to your Stripe account, leading to financial loss and reputational damage for your organization.