SYM_GEN_0203 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Adobe Client IDs or credentials have been found hard-coded directly in the source code. Storing sensitive credentials in code makes them vulnerable to accidental disclosure through code sharing or repository leaks.
Impact
If these credentials are exposed, attackers could gain unauthorized access to Adobe services or sensitive user data, leading to data breaches, account compromise, or abuse of application resources. This may result in financial loss, legal consequences, or reputational damage for the organization.
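As an added illustration (not this rule's own regex or code from the Symbiotic project), the sketch below scans source text for quoted 32-character hex literals assigned to identifiers containing "adobe", and shows that a value loaded from the environment is not flagged while an unrelated MD5 digest is. The pattern, the function names `scan` and `redact`, the environment variable name and all sample values are assumptions constructed for this example.

```python
import re

# Assumed heuristic (not the rule's actual regex): an identifier containing
# "adobe", an assignment or key/value separator, then a quoted 32-hex literal.
ADOBE_CLIENT_ID = re.compile(
    r"""(?ix)
    \b[\w.\-]*adobe[\w.\-]*["']?   # identifier containing "adobe", maybe a quoted key
    \s*(?:=|:|=>)\s*               # assignment or key/value separator
    ["']([a-f0-9]{32})["']         # quoted 32-character hex literal (captured)
    """
)

def redact(value):
    """Keep only the first 4 characters so findings are safe to log."""
    return value[:4] + "*" * (len(value) - 4)

def scan(text):
    """Return (line_number, redacted_value) for each suspected literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ADOBE_CLIENT_ID.finditer(line):
            findings.append((lineno, redact(match.group(1))))
    return findings

# Constructed sample input; every hex value below is made up.
SAMPLE = '''\
ADOBE_CLIENT_ID = "0123456789abcdef0123456789abcdef"
adobe_client_id = os.environ["ADOBE_CLIENT_ID"]
config = {"adobeClientId": "fedcba9876543210fedcba9876543210"}
adobe_logo_md5 = "d41d8cd98f00b204e9800998ecf8427e"
'''

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE):
        print(f"line {lineno}: possible hard-coded Adobe client ID {value}")
```

Line 2 of the sample is the remediated form and produces no finding; line 4 is a false positive, so each hit from a pattern like this needs manual triage before the credential is rotated.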