SYM_GEN_0114 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Your code or configuration contains a Google OAuth client ID, which should not be exposed in public repositories or codebases. Exposing this information can make it easier for attackers to target your OAuth integration.
Impact
If attackers discover your Google OAuth client ID, they could attempt phishing or abuse authentication flows, potentially leading to unauthorized access or compromising user accounts. This can result in data leaks or damage to user trust in your application.