SYM_GEN_0185 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Slack refresh tokens are hard-coded in the source code, exposing credentials to anyone with code access. Storing secrets directly in code makes them easy to leak or misuse.
Impact
If attackers gain access to these hard-coded tokens, they could compromise Slack accounts or services, send unauthorized messages, or access sensitive data. This can lead to data breaches, unauthorized actions, and potential reputational damage for the organization.