SYM_GEN_0282 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Lob API key was found hard-coded in the source code. Storing credentials directly in code exposes sensitive secrets and makes them easy to leak or misuse.
Impact
If attackers gain access to this API key, they could make unauthorized requests to Lob services, potentially incurring costs, accessing private data, or disrupting business operations. Hard-coded credentials are also difficult to rotate and manage securely.