SYM_GEN_0276 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Hard-coded Asana client secrets have been found in the source code. Storing credentials directly in code makes them easy to extract, exposing sensitive data and access to unauthorized parties.
Impact
If attackers gain access to the client secret, they could impersonate your application, access Asana APIs, or manipulate project data. This can lead to data breaches, unauthorized changes, and compromise of your organization’s Asana resources.