SYM_GEN_0171 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Twitter API credentials appear to be hard-coded directly in the source code. Storing secrets like access tokens in code makes them easy to accidentally expose, especially in public or shared repositories.
Impact
If these credentials are leaked, attackers could gain unauthorized access to your Twitter account or application, potentially posting tweets, reading private data, or impersonating your service. This can lead to data breaches, brand damage, and abuse of your organization's Twitter resources.