SYM_GEN_0196 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
MessageBird API tokens have been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone who has access to the repository, including through public leaks or insider threats.
Impact
If attackers obtain these tokens, they can impersonate your application, send messages, access sensitive data, or incur costs by abusing your MessageBird account. This could lead to data breaches, service disruption, and financial loss.