SYM_GEN_0278 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Alibaba Access Key IDs are hard-coded directly into the source code, exposing sensitive credentials. Storing secrets this way makes it easy for attackers to find and misuse them if the code is shared or leaked.
Impact
If an attacker obtains these hard-coded credentials, they could gain unauthorized access to Alibaba Cloud resources, potentially leading to data breaches, service disruptions, or financial loss for the organization.