SYM_GEN_0152 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Hard-coded Asana client IDs were found in the source code. Storing credentials directly in code makes them accessible to anyone with code access, increasing the risk of accidental exposure.
Impact
If these credentials are leaked, attackers could potentially access your Asana integrations or data, impersonate your application, or exploit your API usage. This could lead to data breaches, unauthorized actions, or compromise of sensitive project information.