SYM_GEN_0273 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Plaid API secret keys have been found hard-coded directly in the source code. Storing credentials in code exposes them to anyone with access to the repository, increasing the risk of unauthorized access.
Impact
If attackers obtain the hard-coded Plaid secret key, they could access financial data or perform unauthorized actions on behalf of your application. This could lead to data breaches, financial fraud, and compromise of user privacy, potentially resulting in regulatory and reputational damage.