SYM_GEN_0153 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
KuCoin API secret keys have been found hard-coded in the source code. Storing sensitive credentials directly in code makes them easy to accidentally expose, especially if the code is shared or published.
Impact
If an attacker obtains these hard-coded KuCoin secret keys, they could gain unauthorized access to your KuCoin account, execute trades, withdraw funds, or access sensitive account information, potentially resulting in financial loss or compromise of business assets.