SYM_GEN_0223 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A PlanetScale API token has been found hard-coded in the codebase. Storing credentials directly in source code exposes sensitive information and makes it easy for attackers to access them if the code is leaked or shared.
Impact
If an attacker obtains the hard-coded API token, they could gain unauthorized access to your PlanetScale database, potentially reading, modifying, or deleting data. This could lead to data breaches, service disruption, and severe reputational or financial damage.