SYM_GEN_0234 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Hard-coded Mattermost access tokens were detected in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access and risks accidental exposure.
Impact
If these tokens are leaked or committed, attackers could gain unauthorized access to your Mattermost instance, potentially reading or modifying messages, accessing sensitive data, or impersonating users. This can lead to data breaches and compromise the security of your organization.