SYM_GEN_0183 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Scalingo API token appears to be hard-coded directly in the source code. Storing sensitive credentials in code makes them easy to accidentally expose in version control or code sharing.
Impact
If this token is leaked, attackers could gain unauthorized access to Scalingo services, potentially allowing them to control infrastructure, access sensitive data, or disrupt services. This could lead to data breaches, service outages, and compromise of your application's environment.