SYM_GEN_0181 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code contains an Adobe client secret directly embedded in the source, exposing sensitive credentials. Storing secrets in code makes them vulnerable to accidental leaks or unauthorized access.
Impact
If the Adobe client secret is exposed, attackers could gain unauthorized access to Adobe APIs or services, potentially leading to data theft, account compromise, or abuse of organizational resources. This can result in security breaches, regulatory violations, or financial loss.