SYM_GEN_0220 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Sidekiq credentials have been found hard-coded in the source code. Storing secrets like API keys or passwords in code makes them easily accessible to anyone with code access, risking unintentional leaks.
Impact
If these credentials are exposed, attackers could gain unauthorized access to Sidekiq services or infrastructure, potentially leading to data theft, service disruption, or further compromise of your systems. This can result in loss of sensitive data, reputational damage, and compliance violations.