SYM_GEN_0268 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Telegram Bot API token has been found hard-coded in the source code. Storing sensitive credentials like API tokens directly in code makes them easy to accidentally expose, especially in public or shared repositories.
Impact
If someone obtains the hard-coded Telegram Bot token, they could control your bot, send messages, impersonate your service, or access private information, potentially leading to data leaks, spam, or abuse of your Telegram account.
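The following added example (not the SYM_GEN_0268 rule itself and not code from this wiki) shows how a hard-coded token literal of the kind described above can be flagged without echoing the secret, alongside the environment-based form that replaces it. The token pattern, the `TELEGRAM_BOT_TOKEN` variable name, the helper names and the sample sources are assumptions constructed for illustration.

```python
import os
import re

# Assumed token shape: numeric bot id, a colon, then 35 URL-safe characters.
# This pattern is an illustration, not the regex used by the SYM_GEN_0268 rule.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_-])(\d{8,10}):([A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])"
)


def find_hardcoded_tokens(source: str):
    """Return (line_number, redacted_token) for each candidate token literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            bot_id, secret = match.groups()
            # Redact before reporting so the scan output does not leak the secret.
            findings.append((lineno, f"{bot_id}:{secret[:4]}...REDACTED"))
    return findings


def load_token(env=os.environ, name="TELEGRAM_BOT_TOKEN"):
    """Hardened form: read the token from the environment and fail closed."""
    token = env.get(name, "")
    if not TOKEN_RE.fullmatch(token):
        raise RuntimeError(f"{name} is missing or malformed")
    return token


# Constructed samples: the token is filler characters, not a real credential.
FAKE = "123456789:" + "A" * 35
VULNERABLE = f'import requests\nBOT_TOKEN = "{FAKE}"\n'
FIXED = 'import os\nBOT_TOKEN = os.environ["TELEGRAM_BOT_TOKEN"]\n'

if __name__ == "__main__":
    print("vulnerable:", find_hardcoded_tokens(VULNERABLE))
    print("fixed:     ", find_hardcoded_tokens(FIXED))
```

A token that has already been committed stays in repository history after the literal is removed, so it should be revoked and reissued rather than only deleted from the file.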