SYM_GEN_0187 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code includes hard-coded credentials within a URL, exposing sensitive information directly in the source code. Storing secrets like usernames or passwords in code makes them accessible to anyone with code access, increasing the risk of leaks.
Impact
If these credentials are exposed, attackers could gain unauthorized access to protected systems or services, potentially leading to data theft, unauthorized changes, or service disruption. This can compromise both the security of your application and the privacy of users or business data.