SYM_GEN_0155 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A LinkedIn client secret has been found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of unauthorized use.
Impact
If attackers obtain this secret, they could impersonate your application, access sensitive LinkedIn APIs, or abuse your LinkedIn integration. This can lead to data breaches, account compromise, and reputational or financial loss for your organization.