SYM_GEN_0172 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code contains a hard-coded Prefect API token, which means sensitive credentials are directly embedded in the source. Storing secrets like this in code makes them easy to accidentally expose or leak through version control.
Impact
If attackers gain access to the codebase, they could use the exposed API token to interact with Prefect services, potentially accessing, modifying, or deleting workflows and data. This can lead to unauthorized access, data breaches, and compromise of critical automation infrastructure.
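
An added example (not the rule's own pattern and not SymbioticSec code) that flags hard-coded Prefect tokens in source text, redacts them in the findings, and shows the environment-based alternative. The token shape (`pnu_` or `pnb_` plus 36 lowercase alphanumerics) is an assumption, the function names are hypothetical, and `PREFECT_API_KEY` is the environment setting Prefect reads the key from.

```python
import os
import re

# Assumption: Prefect Cloud API keys look like "pnu_" or "pnb_" followed by 36
# lowercase alphanumerics. This is not the pattern used by rule SYM_GEN_0172.
TOKEN_RE = re.compile(r"\bpn[ub]_[a-z0-9]{36}\b")


def redact(token):
    """Keep only the prefix and last 4 characters so findings are safe to log."""
    return token[:4] + "*" * (len(token) - 8) + token[-4:]


def find_hardcoded_tokens(source):
    """Return (line_number, redacted_token) for each token literal in source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


def load_prefect_api_key(env=os.environ):
    """Hardened form: take the key from the environment and fail closed."""
    key = env.get("PREFECT_API_KEY", "").strip()
    if not key:
        raise RuntimeError("PREFECT_API_KEY is not set")
    return key


# Constructed sample input; the token is fake and assembled at run time.
FAKE_TOKEN = "pnu_" + "0123456789abcdefghijklmnopqrstuvwxyz"
SAMPLE_SOURCE = "\n".join([
    "import os",
    f'API_KEY = "{FAKE_TOKEN}"  # flagged: literal secret',
    'API_KEY = os.environ["PREFECT_API_KEY"]  # not flagged',
])

if __name__ == "__main__":
    for lineno, token in find_hardcoded_tokens(SAMPLE_SOURCE):
        print(f"line {lineno}: hard-coded Prefect token {token}")
```

A token that has already been committed stays in version-control history after the literal is removed, so revoke it and issue a new one.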