SYM_GEN_0190 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code contains a hard-coded Finicity client secret, meaning sensitive credentials are written directly into the source code. This practice makes it easy for unauthorized users to access these secrets if the code is shared or leaked.
Impact
If an attacker obtains the hard-coded client secret, they could access Finicity APIs or services as your application, potentially exposing sensitive financial data or enabling fraudulent transactions. This can lead to data breaches, financial loss, and regulatory violations.
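
One way to remove the hard-coded secret described above, shown as an added example that is not part of the original rule page or of any Finicity SDK: the secret is read from the environment at startup, the application fails closed when it is missing, and only a redacted form is ever logged. The environment variable name `FINICITY_CLIENT_SECRET` and the helper names are assumptions.

```python
import os


class MissingSecretError(RuntimeError):
    """Raised when the secret is absent, so the app fails closed at startup."""


# Flagged pattern (constructed placeholder, not a real credential):
#   FINICITY_CLIENT_SECRET = "EXAMPLE-NOT-A-REAL-SECRET"

# Assumed environment variable name; use whatever your secret manager injects.
SECRET_ENV_VAR = "FINICITY_CLIENT_SECRET"


def load_client_secret(environ=None):
    """Return the Finicity client secret from the environment.

    `environ` defaults to os.environ; passing a dict makes this testable.
    """
    environ = os.environ if environ is None else environ
    secret = environ.get(SECRET_ENV_VAR, "").strip()
    if not secret:
        # Do not fall back to a default value: a baked-in fallback is
        # just another hard-coded credential.
        raise MissingSecretError(f"{SECRET_ENV_VAR} is not set")
    return secret


def redact(secret):
    """Return a log-safe form showing only the last four characters."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return "*" * (len(secret) - 4) + secret[-4:]


if __name__ == "__main__":
    try:
        print("client secret loaded:", redact(load_client_secret()))
    except MissingSecretError as exc:
        raise SystemExit(f"refusing to start: {exc}")
```

A secret that has already been committed stays in the repository history, so it should be rotated in addition to being removed from the source.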