SYM_GEN_0122 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Plaid client IDs were found hard-coded in the source code. Storing credentials directly in code exposes sensitive information and increases the risk of accidental leaks.
Impact
If these hard-coded credentials are exposed, attackers could gain unauthorized access to connected financial services or sensitive account data. This could lead to data breaches, financial fraud, and compromise of user trust or regulatory violations.