SYM_GEN_0173 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
An OpenAI API key has been found hard-coded in the source code. Storing sensitive credentials in code exposes them to anyone with code access, increasing the risk of unauthorized use.
Impact
If an attacker obtains the exposed API key, they could make unauthorized requests to the OpenAI API, potentially incurring unexpected costs, accessing sensitive data, or abusing your account. This could lead to financial loss, data breaches, or service disruption for your organization.