SYM_GEN_0117 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Google OAuth access token has been found in your code or configuration files. Storing access tokens in source code can expose sensitive credentials to anyone with code access, including unintended parties.
Impact
If an attacker obtains this token, they could access Google services or user data on behalf of your application, potentially leading to unauthorized data exposure, account compromise, or misuse of cloud resources.