SYM_GEN_0206 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Hard-coded Etsy access tokens have been detected in the source code. Storing credentials directly in code makes them easy to accidentally expose or leak, putting sensitive access at risk.
Impact
If an attacker obtains these tokens—such as through a public code repository—they could access Etsy accounts or APIs with the same permissions as your application, potentially leading to data breaches, unauthorized transactions, or abuse of your services.