SYM_GEN_0263 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Hard-coded Yandex AWS access tokens were found in the source code. Storing credentials directly in code makes them easy to accidentally expose in version control or code sharing.
Impact
If attackers obtain these hard-coded tokens, they could gain unauthorized access to your Yandex AWS resources, potentially leading to data breaches, resource manipulation, or service disruption. This can compromise sensitive information and put your infrastructure at risk.