SYM_GEN_0228 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A JSON Web Token (JWT) has been found hard-coded in the source code. Storing credentials or tokens directly in code makes them accessible to anyone with code access, increasing the risk of unauthorized use.
Impact
If attackers obtain hard-coded JWTs, they could impersonate users, gain unauthorized access to sensitive systems or data, and compromise application security. This can lead to data breaches, privilege escalation, and loss of trust for the organization.