SYM_GEN_0283 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Alibaba Cloud credentials appear to be hard-coded directly in the source code. Secrets stored in code are easily exposed by accident through version control or when the code is shared.
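A minimal scanner for this kind of finding, run over a constructed source snippet that holds both a hard-coded pair and the environment-based alternative. This is an added example, not the regex used by this rule or code from the Symbiotic database. Assumptions: AccessKey IDs start with `LTAI`, the length ranges are heuristics, and the function names and sample values are hypothetical.

```python
import re

# Assumption: Alibaba Cloud AccessKey IDs begin with "LTAI"; the length range
# is a heuristic and is not the pattern used by rule SYM_GEN_0283.
KEY_ID = re.compile(r"\bLTAI[A-Za-z0-9]{12,20}\b")
# Heuristic: a 30-character alphanumeric literal assigned to a name that
# contains "secret" (case-insensitive).
SECRET = re.compile(
    r"\b(\w*secret\w*)\s*[:=]\s*[\"']([A-Za-z0-9]{30})[\"']", re.IGNORECASE
)


def redact(value):
    """Keep the first four characters so findings can be logged safely."""
    return value[:4] + "*" * (len(value) - 4)


def scan(text):
    """Return (line_number, kind, redacted_value) for each suspected literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_ID.finditer(line):
            findings.append((lineno, "access_key_id", redact(m.group(0))))
        for m in SECRET.finditer(line):
            findings.append((lineno, "access_key_secret", redact(m.group(2))))
    return findings


# Constructed sample: lines 2-3 hard-code placeholder credentials (flagged),
# lines 4-5 read them from the environment at runtime (not flagged).
SAMPLE = '''\
import os
ACCESS_KEY_ID = "LTAIEXAMPLEKEY0000000000"
ACCESS_KEY_SECRET = "ExampleSecretValue000000000000"
key_id = os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"]
key_secret = os.environ["ALIBABA_CLOUD_ACCESS_KEY_SECRET"]
'''

if __name__ == "__main__":
    for lineno, kind, value in scan(SAMPLE):
        print(f"line {lineno}: {kind} {value}")
```
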
Impact
If attackers obtain these credentials, they can access your Alibaba Cloud resources, potentially leading to data breaches, unauthorized resource usage, or financial loss. This exposure puts both your application's security and your organization's assets at risk.