SYM_GEN_0197 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A New Relic browser API token was found hard-coded in the source code. Storing credentials directly in code makes them easy to discover and exposes sensitive access to anyone with code access.
Impact
If this token is leaked, attackers could send unauthorized data to your New Relic account or misuse your monitoring resources, potentially resulting in data tampering, increased costs, or exposure of application insights. This can compromise the security and integrity of your monitoring environment.