SYM_JSTS_0019 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description
Sensitive credentials such as an OAuth client secret (`clientSecret`), a JWT signing secret (`secretOrKey`), or an OAuth 1.0a consumer secret (`consumerSecret`) are written directly into the source code. A secret embedded this way travels wherever the code goes: it is committed to version control (and remains in the history even after the line is removed), shipped in build artifacts, and readable by anyone who can read the repository. Rotating it also requires a code change and a redeploy. Secrets should instead be supplied at runtime, for example from environment variables or a secrets manager, and any secret that has already been committed should be treated as exposed and rotated.
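As an added example (not code from the SymbioticSec entry or from any project it describes), the following shows the hard-coded pattern next to a hardened loader that reads the same values from environment variables and fails fast when one is missing, plus a small scanner that flags the hard-coded form in source text. The environment variable names `CLIENT_SECRET`, `JWT_SECRET` and `CONSUMER_SECRET`, the placeholder values, and the sample source lines are all constructed for this illustration.

```javascript
// Added example, not code from the SymbioticSec wiki. All names, values and
// sample source lines below are constructed for illustration.

// VULNERABLE: secrets embedded in source. Anyone with read access to the
// repository or its history now has them. Values are placeholders.
const vulnerableConfig = {
  clientSecret: 'example-client-secret-do-not-use',
  secretOrKey: 'example-jwt-signing-key',
  consumerSecret: 'example-consumer-secret',
};

// HARDENED: read the same values from the environment at startup and fail
// fast if any is missing or blank, so a misconfigured deployment never
// silently runs with an undefined secret. Variable names are assumptions.
const REQUIRED_SECRETS = ['CLIENT_SECRET', 'JWT_SECRET', 'CONSUMER_SECRET'];

function loadSecrets(env = process.env) {
  const missing = REQUIRED_SECRETS.filter(
    (name) => typeof env[name] !== 'string' || env[name].trim() === ''
  );
  if (missing.length > 0) {
    // Name only the variable, never its value, in the error message.
    throw new Error(`Missing required secret(s): ${missing.join(', ')}`);
  }
  return {
    clientSecret: env.CLIENT_SECRET,
    secretOrKey: env.JWT_SECRET,
    consumerSecret: env.CONSUMER_SECRET,
  };
}

// DETECTION: flag source lines that assign a quoted string literal to one of
// the option names named in this entry. Deliberately narrow; a real scanner
// would cover more key names and add entropy-based matching.
const SECRET_KEYS = ['clientSecret', 'secretOrKey', 'consumerSecret'];
const HARDCODED_RE = new RegExp(
  `\\b(${SECRET_KEYS.join('|')})\\s*:\\s*(['"\`])(?:(?!\\2).)+\\2`
);

function findHardcodedSecrets(source) {
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    const m = HARDCODED_RE.exec(line);
    if (m) findings.push({ line: idx + 1, key: m[1] });
  });
  return findings;
}

// Constructed sample: one hard-coded clientSecret, one secretOrKey that is
// correctly read from the environment and must not be flagged.
const SAMPLE_SOURCE = [
  'const strategy = new OAuth2Strategy({',
  "  clientID: 'example-client-id',",
  "  clientSecret: 'example-client-secret-do-not-use',",
  "  callbackURL: '/auth/callback',",
  '});',
  'const jwtOpts = { secretOrKey: process.env.JWT_SECRET };',
].join('\n');

console.log(findHardcodedSecrets(SAMPLE_SOURCE)); // flags line 3, clientSecret
```

The loader reports which variable is missing but never echoes its value, and the scanner ignores `secretOrKey: process.env.JWT_SECRET` because no quoted literal follows the colon. Run the scanner over the repository's full history, not just the working tree, when checking whether a secret has already leaked.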
Impact
An attacker who obtains these credentials can impersonate the application to the identity provider or API, forge tokens the application trusts, access protected resources, and take over user accounts. This can lead to data breaches, unauthorized access, and loss of trust in the application.