SYM_GEN_0128 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Cloudflare API keys have been found hard-coded in the source code. Storing credentials directly in code makes them vulnerable to accidental exposure and unauthorized access.
Impact
If attackers obtain these hard-coded API keys, they could gain unauthorized access to your Cloudflare account, potentially modifying DNS records, exposing sensitive data, or disrupting services. This creates a significant risk of service compromise or data breaches.