SYM_JAVA_0036 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code stores a password or secret value directly in the build.gradle.kts file. Hard-coding sensitive information in source code makes it easy for attackers or unauthorized users to access these secrets if the code is exposed.
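The pattern described above and one way to correct it, as an added example that is not part of the rule's own documentation. The repository URL, the user name, and the property and environment variable names (`repoUser`, `repoPassword`, `REPO_USER`, `REPO_PASSWORD`) are assumptions chosen for illustration.

```kotlin
// build.gradle.kts (added example; URL, property names and env var names are assumptions)
plugins {
    `java-library`
    `maven-publish`
}

// Flagged pattern: the secret is a string literal committed with the build script.
// publishing {
//     repositories {
//         maven {
//             url = uri("https://repo.example.com/releases")
//             credentials {
//                 username = "deployer"
//                 password = "CONSTRUCTED-PLACEHOLDER" // hard-coded credential (CWE-798)
//             }
//         }
//     }
// }

// Corrected pattern: resolve the values at build time from a Gradle property
// (-PrepoPassword=... or the user-level gradle.properties), falling back to
// environment variables injected by the CI secret store.
val repoUser = providers.gradleProperty("repoUser")
    .orElse(providers.environmentVariable("REPO_USER"))
val repoPassword = providers.gradleProperty("repoPassword")
    .orElse(providers.environmentVariable("REPO_PASSWORD"))

publishing {
    publications {
        create<MavenPublication>("library") { from(components["java"]) }
    }
    repositories {
        maven {
            name = "releases"
            url = uri("https://repo.example.com/releases")
            credentials {
                // orNull keeps non-publishing tasks working when no secret is supplied
                username = repoUser.orNull
                password = repoPassword.orNull
            }
        }
    }
}
```

The properties belong in the user-level `~/.gradle/gradle.properties` or in the CI environment; a `gradle.properties` file in the project directory is normally committed and would reintroduce the same exposure.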
Impact
If an attacker obtains the source code—through a code leak, repository compromise, or insider threat—they can extract hard-coded passwords and use them to gain unauthorized access to systems or data. This can lead to data breaches, service disruption, or further compromise of your infrastructure.