SYM_GEN_0230 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code contains a hard-coded New Relic User API ID, which exposes sensitive credentials directly in the source code. Storing secrets this way makes them vulnerable to accidental leaks and unauthorized access.
Impact
If an attacker gains access to the hard-coded API ID, they could use it to access or manipulate your New Relic account, potentially viewing sensitive monitoring data or disrupting application monitoring. This may also lead to compliance violations and increased risk if the code is shared or committed to public repositories.