SYM_GEN_0266 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Twitter API keys have been found directly in the source code. Storing credentials in code exposes them to anyone with access to the repository, increasing the risk of accidental leaks.
Impact
If attackers gain access to these hard-coded Twitter API keys, they could impersonate your application, access or modify Twitter data, or abuse your account for malicious purposes. This can lead to unauthorized data access, reputation damage, and potential account suspension.