SYM_GEN_0198 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Slack legacy workspace tokens are hard-coded into the source code, exposing sensitive authentication credentials. Storing secrets directly in code makes them easy to leak and accessible to anyone with code access.
Impact
If exposed, attackers can use the token to access Slack workspaces, read or send messages, retrieve sensitive data, or impersonate users. This can lead to data breaches, unauthorized access, and potential compromise of internal communications.