SYM_GEN_0288 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Facebook credentials appear to be hard-coded directly in the source code. Storing secrets like API keys or tokens this way can expose them to anyone with code access, including through public repositories.
Impact
If attackers obtain these credentials, they could access or control your Facebook integrations, steal data, impersonate your application, or abuse your account for malicious purposes. This could lead to data breaches, account compromise, or reputational damage.