SYM_GEN_0256 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code contains a FreshBooks access token hard-coded directly in the source. Storing credentials in code makes them easy to accidentally expose and risks unauthorized access.
Impact
If attackers obtain this token, they could gain access to sensitive FreshBooks data or services, potentially leading to data breaches, financial loss, or unauthorized actions on behalf of your organization.