SYM_GEN_0170 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Yandex API key has been found hard-coded in the source code. Storing credentials directly in code makes them visible to anyone with access to the repository, increasing the risk of accidental exposure.
Impact
If an attacker gains access to the exposed API key, they could use it to access Yandex services on your behalf, potentially leading to data breaches, unauthorized actions, or unexpected charges. This could compromise sensitive information or disrupt business operations.