SYM_GEN_0225 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive credentials, such as vault service tokens, have been found hard-coded directly in the source code. Storing secrets in code makes them easily accessible to anyone with code access, increasing the risk of credential leaks.
Impact
If these hard-coded tokens are exposed, attackers could gain unauthorized access to protected services or data. This could lead to data breaches, service disruption, or further compromise of systems, potentially affecting the entire organization.