SYM_GEN_0165 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Google Cloud Platform (GCP) API key has been hard-coded directly into the source code. Storing credentials in code makes them easy to accidentally expose in version control or shared repositories.
Impact
If the API key is leaked, attackers could use it to access your GCP resources, potentially incurring costs, stealing data, or disrupting services. This can lead to unauthorized access, data loss, and financial or reputational damage to your organization.