SYM_GEN_0281 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Shopify access token has been found hard-coded in the source code. Storing credentials in code makes them visible to anyone with access to the repository, increasing the risk of accidental leaks.
Impact
If an attacker gains access to the exposed token, they could interact with your Shopify store’s APIs, potentially viewing, modifying, or deleting sensitive store data. This could lead to unauthorized transactions, data breaches, or disruption of business operations.