SYM_GEN_0163 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Mailgun private API token has been found hard-coded in the source code. Storing credentials directly in code can expose sensitive information to anyone with access to the repository.
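The following added example (not the rule's own regex or code from this database) scans source text for a hard-coded Mailgun key and shows the remediated form that reads the key from the environment. It assumes the legacy key format of `key-` followed by 32 lowercase hex characters; the sample token, the helper names and the `MAILGUN_API_KEY` variable name are constructed for illustration.

```python
import os
import re

# Assumption: legacy Mailgun private API keys look like "key-" followed by
# 32 lowercase hex characters. This is not the rule's own pattern.
MAILGUN_KEY_RE = re.compile(r"\bkey-[0-9a-f]{32}\b")

# Constructed sample source; the token below is fabricated, not a real key.
SAMPLE_SOURCE = '''\
import requests
MAILGUN_DOMAIN = "mg.example.com"
MAILGUN_API_KEY = "key-0123456789abcdef0123456789abcdef"  # hard-coded
CACHE_KEY = "key-user-profile"  # same prefix, wrong shape: not reported
'''


def redact(token):
    """Keep only enough of the token to locate it; never log it whole."""
    return token[:8] + "..." + token[-4:]


def find_hardcoded_mailgun_keys(source):
    """Return (line_number, redacted_token) for each candidate in source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in MAILGUN_KEY_RE.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


def load_mailgun_key(environ=os.environ):
    """Remediated form: read the key from the environment at runtime."""
    key = environ.get("MAILGUN_API_KEY")  # variable name is an assumption
    if not key:
        raise RuntimeError("MAILGUN_API_KEY is not set")
    return key


if __name__ == "__main__":
    for lineno, token in find_hardcoded_mailgun_keys(SAMPLE_SOURCE):
        print(f"line {lineno}: possible Mailgun private API key {token}")
```

A match is only a candidate, consistent with the Low confidence level above; a confirmed key should be rotated in Mailgun as well as removed from the code.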
Impact
If exposed, an attacker could use the Mailgun API token to send emails, access email logs, or manipulate your email service on behalf of your organization. This could lead to unauthorized access, misuse of resources, data breaches, or reputational damage.