SYM_GEN_0145 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Duffel API tokens were found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with access to the repository, increasing the risk of accidental leaks.
Impact
If these tokens are exposed, attackers could gain unauthorized access to your Duffel account, potentially viewing or manipulating sensitive data, performing unauthorized transactions, or abusing your resources. This can lead to data breaches, service disruption, and financial loss.