SYM_GEN_0226 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive private keys have been found hard-coded in the source code. Storing credentials or secrets directly in code makes them accessible to anyone with code access, increasing the risk of leaks.
Impact
If an attacker gains access to the repository, they can use these private keys to impersonate users, access protected systems, or steal sensitive data. This can lead to unauthorized access, data breaches, or compromise of critical infrastructure.