SYM_GEN_0116 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
AWS Access Key IDs are hardcoded directly into the codebase. Storing sensitive credentials like these in source code makes them easy to leak if the code is shared or published.
Impact
If exposed, attackers could use these credentials to access and control your AWS resources, potentially leading to data breaches, unauthorized infrastructure changes, or significant financial loss for your organization.