SYM_GEN_0136 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Mailgun public API key has been hard-coded directly into the source code. Storing credentials in code can expose sensitive keys if the codebase is shared or made public.
Impact
If attackers gain access to this key, they could send emails or perform unauthorized actions through your Mailgun account, potentially leading to spam, phishing, or misuse of your email infrastructure. This could result in service disruption, reputational damage, or account compromise.