SYM_GEN_0119 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A New York Times API access token appears to be hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally share or expose, putting sensitive information at risk.
Impact
If an attacker gains access to this token, they could use it to interact with the New York Times API as your application, potentially accessing, modifying, or abusing your account and its data. This can lead to unauthorized actions, service misuse, or billing issues, and could compromise your organization's reputation and security.