SYM_GEN_0156 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A DigitalOcean access token has been found hard-coded in the source code. Storing secrets like API tokens directly in code exposes them to anyone with repository access and increases the risk of accidental leaks.
Impact
If an attacker obtains this access token, they could gain unauthorized access to your DigitalOcean account, potentially leading to resource manipulation, data exposure, service disruption, or unexpected costs for your organization.