SYM_GEN_0214 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-798: Use of Hard-coded Credentials |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
A Facebook API secret or credential has been found hard-coded in the source code. Storing secrets directly in code exposes them to anyone with access to the repository, increasing the risk of leaks.
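A sketch of how a regex check of this kind can separate a hard-coded literal from a value loaded at runtime. This is an added example, not the SYM_GEN_0214 rule's own pattern: the regex, the assumption that the secret is a 32-character hexadecimal string, the names `scan` and `mask`, and the sample input are all constructed for illustration.

```python
import re

# Assumed pattern (not the rule's own): an identifier containing "facebook"
# or "fb", an assignment operator, then a quoted 32-character hex literal.
HARDCODED_FB_SECRET = re.compile(
    r"""(?ix)
    \b(?P<name>[a-z0-9_.]*(?:facebook|fb)[a-z0-9_.]*)  # key or variable name
    ['"]?\s*(?:=>|=|:)\s*                              # assignment or key/value separator
    (?P<quote>['"])(?P<value>[0-9a-f]{32})(?P=quote)   # quoted literal value
    """
)

def mask(value):
    """Keep the first four characters so a report never re-leaks the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan(text):
    """Return (line number, identifier, masked value) for each suspected literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = HARDCODED_FB_SECRET.search(line)
        if match:
            findings.append((lineno, match.group("name"), mask(match.group("value"))))
    return findings

# Constructed sample: lines 3 and 5 embed a literal, line 4 reads the value
# from the environment (the remediated form), line 6 is an unrelated hex string.
SAMPLE = '''\
import os
FACEBOOK_APP_ID = "1234567890"
FACEBOOK_APP_SECRET = "0123456789abcdef0123456789abcdef"
fb_secret = os.environ["FB_APP_SECRET"]
{"facebook_secret": "fedcba9876543210fedcba9876543210"}
checksum = "0123456789abcdef0123456789abcdef"
'''

if __name__ == "__main__":
    for lineno, name, masked in scan(SAMPLE):
        print(f"line {lineno}: {name} = {masked}")
```

A name-plus-shape pattern like this still matches any 32-hex value assigned to a matching identifier, which is consistent with the Low confidence level listed for the rule, so findings need manual review.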
Impact
If attackers gain access to this secret, they could impersonate your application, access sensitive Facebook APIs, or abuse your account. This can lead to data breaches, unauthorized actions, and potential reputational or financial damage.