SYM_GEN_0242 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Mailchimp API key was found hard-coded in the source code. Storing credentials directly in code can expose sensitive information if the code is shared or leaked.
Impact
If an attacker obtains the hard-coded API key, they could access your Mailchimp account, view or modify mailing lists, send unauthorized emails, or steal sensitive user data, potentially leading to data breaches or unauthorized account usage.