SYM_GEN_0200 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive credentials or JWT secrets appear to be hard-coded directly in the source code. Storing secrets in code exposes them to anyone with repository access, increasing the risk of unauthorized access.
Impact
If attackers gain access to hard-coded secrets, they could impersonate users, access protected resources, or compromise systems. This can lead to data breaches, unauthorized actions, and damage to the application's security and reputation.