SYM_GEN_0237 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Finicity API token was found hard-coded in the source code. Storing credentials directly in code exposes sensitive information and makes it easy for attackers to access these secrets if the code is leaked or shared.
Impact
If an attacker obtains a hard-coded Finicity API token, they could gain unauthorized access to financial data or services, leading to potential data breaches, fraud, and significant reputational or financial damage to your organization.