SYM_GEN_0265 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Confluent access tokens are hard-coded directly into the source code. Storing credentials this way makes them easy to discover and exposes sensitive information to anyone with code access.
Impact
If attackers obtain these hard-coded tokens, they could gain unauthorized access to Confluent services, potentially leading to data breaches, service disruptions, or misuse of your infrastructure. This risk increases if the code repository is publicly accessible or shared widely.