SYM_GEN_0267 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Twitter API secret credentials have been found hard-coded directly in the source code. Storing secrets in code makes them easily accessible to anyone with code access, risking accidental or malicious disclosure.
Impact
If leaked, attackers could use these credentials to access your Twitter account or perform unauthorized actions via the Twitter API, potentially leading to data breaches, account takeover, or abuse of your organization's social media presence.