SYM_GEN_0222 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Slack bot token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose and puts your Slack workspace at risk.
Impact
If attackers gain access to this token, they could control your Slack bot, impersonate it, read or send messages, or access sensitive data. This could lead to unauthorized actions within your Slack organization and potential data breaches.