SYM_GEN_0174 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Coinbase access token was found hard-coded in the source code. Storing sensitive credentials like API keys directly in code makes them vulnerable to accidental exposure and unauthorized access.
Impact
If an attacker obtains this access token, they could access or manipulate your Coinbase account and its assets, potentially leading to financial loss, data breaches, or unauthorized transactions. Leaked tokens can also be abused if the code is shared publicly or within the organization.