SYM_GEN_0186 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
Sensitive Sumo Logic Access IDs are hard-coded directly in the source code. Storing credentials in code makes them easy to accidentally expose in repositories or logs, risking unauthorized access.
Impact
If attackers obtain these hard-coded credentials, they could access your organization's Sumo Logic account, potentially viewing, modifying, or deleting sensitive log data. This can lead to data breaches, compliance violations, and further attacks leveraging exposed information.
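The finding described above, as an added example that is not the SYM_GEN_0186 rule or any Symbiotic code: a small scanner that flags hard-coded Sumo Logic Access IDs in source text, next to the environment-based lookup that replaces them. The regex (an Access ID taken to be `su` plus 12 alphanumeric characters, assigned near a `sumo` keyword), the variable name `SUMO_ACCESS_ID`, and the sample lines are assumptions constructed for illustration.

```python
import os
import re

# Assumption: an Access ID is "su" followed by 12 alphanumeric characters,
# assigned as a quoted literal to a name containing "sumo".
# This is an illustrative pattern, not the SYM_GEN_0186 regex.
ACCESS_ID = re.compile(
    r"""(?i)sumo[\w.\-]{0,30}\s*[:=]\s*["'](su[a-z0-9]{12})["']"""
)

def redact(value):
    """Keep a short prefix so findings can be triaged without re-leaking the ID."""
    return value[:4] + "*" * (len(value) - 4)

def scan(source):
    """Return (line number, redacted ID) for each hard-coded Access ID literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = ACCESS_ID.search(line)
        if match:
            findings.append((lineno, redact(match.group(1))))
    return findings

def load_access_id(env=os.environ):
    """Remediated form: read the ID at runtime and fail closed if it is absent."""
    value = env.get("SUMO_ACCESS_ID")  # hypothetical variable name
    if not value:
        raise RuntimeError("SUMO_ACCESS_ID is not set")
    return value

# Constructed sample: lines 2 and 4 hard-code an ID; line 3 is the safe lookup.
SAMPLE = '''\
import os
SUMO_ACCESS_ID = "suABCDEF123456"
sumo_access_id = os.environ["SUMO_ACCESS_ID"]
sumologic.accessId: 'suZ9y8X7w6V5u4'
SUMO_ENDPOINT = "https://collectors.example.invalid/receiver"
'''

if __name__ == "__main__":
    for lineno, masked in scan(SAMPLE):
        print(f"line {lineno}: hard-coded Sumo Logic Access ID {masked}")
```

Any ID this kind of scan finds in a repository should be treated as exposed and rotated in Sumo Logic, since removing the literal does not remove it from version history.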