SYM_GEN_0261 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A SendGrid API token was found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally share or expose, increasing the risk of unauthorized access.
Impact
If this token is leaked, attackers could use it to send emails or access sensitive functionality on behalf of your organization, potentially leading to spam, phishing, data leaks, or service abuse. This could result in reputational damage, account compromise, or unexpected costs.