SYM_GEN_0280 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
AWS access tokens are hard-coded directly in the source code. Storing credentials this way makes it easy for anyone with code access to retrieve sensitive secrets.
Impact
If exposed, attackers could use these credentials to access your AWS resources, potentially leading to data breaches, unauthorized infrastructure changes, or financial loss through resource misuse.