SYM_GEN_0238 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Yandex access token has been found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with repository access, increasing the risk of secret leaks.
Impact
If exposed, attackers can use the hard-coded Yandex access token to gain unauthorized access to sensitive Yandex services or data. This could lead to data breaches, service misuse, or financial loss for the organization.