SYM_GEN_0204 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive credentials, such as passwords, are hard-coded directly into the source code. This exposes secrets to anyone with code access and increases the risk of accidental leaks through version control or code sharing.
Impact
If attackers gain access to the source code, they can easily extract hard-coded credentials, allowing unauthorized access to critical systems or data. This can lead to data breaches, service disruption, or further compromise of infrastructure.