SYM_GEN_0142 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Bittrex API keys are hard-coded directly into the source code. Storing credentials in code makes them easy to accidentally expose or leak, especially if the repository is shared or made public.
Impact
If attackers gain access to these hard-coded keys, they could perform unauthorized actions on your Bittrex account, such as executing trades or withdrawing funds. This can lead to financial losses, account compromise, and reputational damage to your organization.