SYM_GEN_0262 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Twitter access tokens have been found hard-coded in the source code. Storing sensitive credentials like API tokens directly in code can expose them to unauthorized users if the code is shared or leaked.
Impact
If attackers gain access to these tokens, they could potentially control your Twitter account, post unauthorized tweets, access private data, or abuse the account for malicious activities, leading to reputational damage and possible compliance violations.