SYM_GEN_0159 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Twilio API keys are hard-coded directly into the source code. Storing credentials in code makes them easy to accidentally expose in version control or code sharing.
Impact
If attackers gain access to the source code, they can use the exposed Twilio API key to send messages, make calls, or access account resources—potentially leading to unauthorized charges, data leaks, or abuse of your Twilio services.