SYM_GEN_0137 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Slack App tokens have been found hard-coded in the source code. Storing sensitive credentials directly in code makes them easy to accidentally leak or expose, increasing the risk of unauthorized access.
Impact
If attackers obtain these hard-coded tokens, they could access or control your Slack app, potentially stealing messages, sending unauthorized commands, or compromising sensitive data. This could lead to data breaches, loss of control over integrations, and reputational damage.