SYM_GEN_0129 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Authress service client access keys have been found hard-coded in the source code. Storing credentials directly in code makes them easy to discover and misuse by anyone with code access.
Impact
If exposed, attackers could use these keys to gain unauthorized access to protected services or data, potentially leading to data breaches, privilege escalation, or service abuse. This can compromise the security of your application and put sensitive information at risk.