SYM_JSTS_0097 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code uses a hard-coded HMAC key: the secret key is written directly in the source code. Anyone with access to the codebase can read the key, which puts every operation that relies on it at risk.
Impact
If an attacker accesses the source code, they can easily obtain the HMAC key, allowing them to forge or tamper with authentication tokens or sensitive data. This undermines the integrity of cryptographic protections and can lead to unauthorized access or data breaches.
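The flagged pattern next to a corrected form, as an added Node.js example that is not taken from the rule or the Symbiotic database. The environment variable `TOKEN_HMAC_KEY`, the function names, the 32-byte minimum and the sample literal are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// FLAGGED: the HMAC key is a string literal, so it ships with the source,
// every clone of the repository and every build artifact.
function signTokenHardcoded(payload) {
  return crypto
    .createHmac("sha256", "constructed-sample-key-in-source") // constructed value
    .update(payload)
    .digest("hex");
}

// CORRECTED: the key is supplied at runtime (hypothetical TOKEN_HMAC_KEY,
// base64-encoded) and the process refuses to start without a usable one.
function loadHmacKey(env = process.env) {
  const b64 = env.TOKEN_HMAC_KEY;
  if (!b64) throw new Error("TOKEN_HMAC_KEY is not set");
  const key = Buffer.from(b64, "base64");
  if (key.length < 32) {
    throw new Error("TOKEN_HMAC_KEY must decode to at least 32 bytes");
  }
  return key;
}

function signToken(payload, key) {
  return crypto.createHmac("sha256", key).update(payload).digest("hex");
}

// Verification recomputes the tag and compares in constant time.
// Malformed or wrong-length tags are rejected before the comparison.
function verifyToken(payload, tagHex, key) {
  const expected = crypto.createHmac("sha256", key).update(payload).digest();
  const given = Buffer.from(String(tagHex), "hex");
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Constructed demo: the key is generated in-process here only so the
// example runs offline; in deployment it comes from a secret store.
function demo() {
  const env = { TOKEN_HMAC_KEY: crypto.randomBytes(32).toString("base64") };
  const key = loadHmacKey(env);
  const tag = signToken("user=42;role=viewer", key);
  return {
    valid: verifyToken("user=42;role=viewer", tag, key),
    tampered: verifyToken("user=42;role=admin", tag, key),
  };
}
```

Rotating the key in this form is a configuration change rather than a code change and redeploy, and the key no longer appears in version-control history.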