SYM_GEN_0147 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Slack user tokens are hard-coded in the source code, exposing sensitive credentials within the repository. Storing secrets directly in code makes them easy to leak if the code is shared or becomes public.
Impact
If an attacker obtains these tokens, they could gain unauthorized access to Slack accounts or workspaces, read or send messages, or perform actions as the compromised user. This could lead to data theft, account takeover, or abuse of your organization's Slack environment.