SYM_GEN_0218 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Twitch API token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally leak or expose, which is unsafe.
Impact
If an attacker gains access to the exposed token, they could use it to impersonate your application, access or modify Twitch account data, or perform unauthorized actions. This can lead to account compromise, data breaches, or abuse of your platform’s integrations.