SYM_GEN_0227 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code contains a hard-coded Bittrex API secret key, which exposes sensitive credentials directly in the source code. Storing secrets this way makes them easily accessible to anyone with access to the codebase.
Impact
If an attacker obtains the hard-coded secret key, they could gain unauthorized access to your Bittrex account, potentially leading to financial loss, unauthorized transactions, or data breaches. This also increases the risk of secrets being leaked if the code is shared or published.