SYM_GEN_0179 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Hard-coded Kraken API access tokens were found in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of accidental leaks.
Impact
If attackers obtain these hard-coded tokens, they can gain unauthorized access to Kraken accounts, potentially making trades, withdrawing funds, or accessing sensitive financial data. This can lead to financial loss, account compromise, and reputational damage for both users and the organization.