SYM_GEN_0176 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
A Slack webhook URL was found hard-coded in the source code. Storing credentials or secret URLs directly in code can expose them to anyone with access to the repository.
Impact
If attackers obtain the Slack webhook URL, they can send unauthorized messages to your Slack channels, potentially spamming, phishing, or leaking sensitive information. This could disrupt team communications and damage organizational trust.
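The finding described above, as an added example that is not this rule's own code: a small scanner that flags Slack webhook URL literals in source text, run over a constructed vulnerable snippet and its hardened form that reads the URL from the environment. The regular expression, the `SLACK_WEBHOOK_URL` variable name and both sample snippets are assumptions made for illustration, not the pattern this rule ships with.

```python
import re

# Assumed shape of a Slack incoming-webhook URL (not the regex used by this rule):
# https://hooks.slack.com/services/T<workspace>/B<integration>/<token>
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/T[A-Za-z0-9]+/B[A-Za-z0-9]+/[A-Za-z0-9]+"
)
PREFIX = "https://hooks.slack.com/services/"


def redact(url):
    """Mask the secret path segments so findings can be logged safely."""
    return url[: len(PREFIX)] + "<redacted>"


def find_hardcoded_webhooks(source):
    """Return (line_number, redacted_url) for each webhook literal in source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in WEBHOOK_RE.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


# Constructed placeholder, assembled from parts so this file does not itself
# contain a webhook-shaped literal. It is not a real webhook.
PLACEHOLDER = PREFIX + "T" + "0" * 8 + "/B" + "0" * 8 + "/" + "X" * 24

# Constructed "before": the URL is a literal in the code.
VULNERABLE_SOURCE = (
    "import requests\n"
    'WEBHOOK = "%s"\n'
    'requests.post(WEBHOOK, json={"text": "deploy done"})\n'
) % PLACEHOLDER

# Constructed "after": the URL comes from the environment at runtime.
# SLACK_WEBHOOK_URL is a hypothetical variable name.
HARDENED_SOURCE = (
    "import os, requests\n"
    'WEBHOOK = os.environ["SLACK_WEBHOOK_URL"]\n'
    'requests.post(WEBHOOK, json={"text": "deploy done"})\n'
)

if __name__ == "__main__":
    print("vulnerable:", find_hardcoded_webhooks(VULNERABLE_SOURCE))
    print("hardened:  ", find_hardcoded_webhooks(HARDENED_SOURCE))
```

A webhook URL that has already been committed remains in the repository history, so removing the literal should be paired with revoking the webhook in Slack and issuing a new one.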