SYM_GEN_0162 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Sumologic access token was found hard-coded in the source code. Storing sensitive credentials directly in code makes them easy to accidentally expose and compromises system security.
Impact
If someone gains access to the token in your code, they could use it to access your Sumologic account, potentially exposing sensitive logs or data, incurring costs, or enabling further attacks against your organization.