SYM_GEN_0246 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Postman API token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally leak, especially if the repository is shared or made public.
Impact
If exposed, attackers could use the leaked Postman API token to access your Postman account, view or modify APIs, and potentially compromise sensitive data or development environments. This can lead to data theft, service disruption, or abuse of your infrastructure.