SYM_GEN_0272 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Sendinblue API tokens were found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose through version control or code sharing.
Impact
If these API tokens are leaked, attackers could gain unauthorized access to your Sendinblue account, allowing them to send emails, access contact lists, or abuse your email infrastructure. This could lead to data breaches, spam, or reputational and financial damage.