SYM_GEN_0245 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Stripe access token has been found hard-coded in the source code. Storing sensitive credentials like API keys directly in code makes them vulnerable to accidental exposure and unauthorized access.
Impact
If attackers obtain this access token, they could make unauthorized transactions, view or manipulate customer data, or abuse your Stripe account, leading to potential financial loss, data breaches, and reputational damage.