SYM_GEN_0219 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive JFrog API keys have been found hard-coded in the source code. Storing credentials directly in code makes them easy to leak or accidentally share, exposing them to anyone with access to the repository.
Impact
If an attacker obtains a hard-coded JFrog API key, they could access your organization's artifact repositories, upload or download sensitive packages, or tamper with software releases. This can lead to data breaches, supply chain attacks, and loss of control over critical infrastructure.