SYM_GEN_0216 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive JFrog identity tokens are hard-coded directly in the source code. Storing credentials like this exposes them to anyone with access to the codebase, making it easy for attackers to steal and misuse these secrets.
Impact
If an attacker obtains the hard-coded token, they could gain unauthorized access to your JFrog services, potentially leading to data leaks, code manipulation, or system compromise. This can result in loss of sensitive assets, service disruptions, or broader security breaches within your organization.
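As an added illustration of the kind of regex-based check this entry describes (this is not the database's own rule, and the keyword list, the 20-character length threshold and the sample source are constructed assumptions), the scanner below flags quoted literals assigned to JFrog-related credential names and reports them with the value redacted:

```python
import re

# Assumed heuristic, not the database's rule: a JFrog-related credential name
# on the left, a quoted opaque literal of 20+ characters on the right.
# Environment lookups (os.environ[...], os.getenv(...)) do not match because
# the right-hand side is not a quoted literal.
JFROG_HARDCODED_TOKEN = re.compile(
    r"""(?ix)
    \b(?:jfrog|artifactory|xray)[\w.-]*   # JFrog-related name (assumed keywords)
    (?:token|secret|key|password)\w*      # ...that names a credential
    ['"]?\s*[:=]\s*                        # '=' or ':' (code, JSON or YAML)
    ['"]([A-Za-z0-9_\-./+=]{20,})['"]     # quoted opaque literal (assumed length)
    """
)


def redact(secret: str) -> str:
    """Keep only the first and last four characters so reports never leak the value."""
    return secret[:4] + "..." + secret[-4:]


def find_hardcoded_jfrog_tokens(source: str) -> list[tuple[int, str]]:
    """Return (line number, redacted value) for every suspected hard-coded token."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = JFROG_HARDCODED_TOKEN.search(line)
        if match:
            findings.append((lineno, redact(match.group(1))))
    return findings


# Constructed sample source: lines 2 and 5 hard-code a token, line 3 shows
# the corrected pattern (the token is read from the environment at runtime).
SAMPLE_SOURCE = """\
import os
JFROG_IDENTITY_TOKEN = "EXAMPLE-NOT-A-REAL-TOKEN-0123456789abcdef"
artifactory_token = os.environ["ARTIFACTORY_TOKEN"]
retries = "3"
config = {"jfrog_access_token": "EXAMPLE-CONSTRUCTED-VALUE-abcdef1234567890"}
"""

if __name__ == "__main__":
    for lineno, redacted in find_hardcoded_jfrog_tokens(SAMPLE_SOURCE):
        print(f"line {lineno}: possible hard-coded JFrog token {redacted}")
```

Because the pattern cannot distinguish a real token from a placeholder of the same shape, every hit needs manual confirmation, which is why a rule of this type carries a low confidence level.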