SYM_GEN_0201 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Hard-coded PlanetScale database passwords have been detected in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of accidental leaks.
Impact
If attackers obtain these credentials, they could gain unauthorized access to your PlanetScale database, potentially leading to data theft, data loss, or unauthorized data modifications. This can compromise sensitive information and disrupt business operations.