SYM_PY_0052 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The function declares a password parameter whose default value is a string literal, so any caller that omits the password silently authenticates with that insecure default. Because default values are written into the function definition, the credential lives in the source code itself and in every artifact built from it.
Impact
Anyone who can read the repository, inspect a packaged artifact, or decompile the application can recover the password and use it to gain unauthorized access to the systems or data it protects. Because the same value is shared by every deployment and can only be rotated by changing and redeploying the code, a single leak compromises all installations at once. This weakens authentication controls and can lead to data breaches or the compromise of user accounts.
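The following is an added example, not code from the Symbiotic-Vulnerability-Database project: a constructed `connect()` function that exhibits the weakness, a small `ast`-based detector that flags string-literal defaults on credential-named parameters (including keyword-only ones), and a hardened `connect_safe()` that takes no credential default and instead requires an explicit value or reads it from an assumed environment variable `DB_PASSWORD` at call time. The parameter-name list and the environment variable name are assumptions for this example.

```python
import ast
import os

# Constructed example of the weakness: a string literal as the default for a
# credential parameter. Any call that omits password uses "s3cret-default",
# and the value ships in the source, in any wheel or container image built
# from it, and in compiled .pyc files.
VULNERABLE_SOURCE = '''
def connect(host, user="svc", password="s3cret-default"):
    return (host, user, password)
'''

# Assumed list of parameter names that usually carry a credential.
CREDENTIAL_NAMES = {"password", "passwd", "pwd", "secret", "token", "api_key", "apikey"}


def find_hardcoded_credential_defaults(source: str) -> list:
    """Return (function, parameter, line) for every parameter whose name looks
    like a credential and whose default is a non-empty string literal.
    Hypothetical detector written for this page, not part of any tool."""
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        args = node.args
        # Defaults for positional parameters align with the *last*
        # len(args.defaults) entries of (posonlyargs + args).
        positional = args.posonlyargs + args.args
        pairs = list(zip(positional[len(positional) - len(args.defaults):], args.defaults))
        # Keyword-only parameters carry a parallel list, with None meaning "no default".
        pairs += [(a, d) for a, d in zip(args.kwonlyargs, args.kw_defaults) if d is not None]
        for param, default in pairs:
            if (param.arg.lower() in CREDENTIAL_NAMES
                    and isinstance(default, ast.Constant)
                    and isinstance(default.value, str)
                    and default.value):
                findings.append((node.name, param.arg, default.lineno))
    return findings


# Assumed name of the environment variable holding the secret.
PASSWORD_ENV = "DB_PASSWORD"


def connect_safe(host, user, password=None):
    """Hardened form: no credential default. The caller passes the password
    explicitly, or it is read from the environment at call time (never at
    import time, so the secret is not baked into module state). Missing
    credentials fail loudly instead of falling back to a built-in value."""
    if password is None:
        password = os.environ.get(PASSWORD_ENV)
    if not password:
        raise ValueError(f"no password supplied and {PASSWORD_ENV} is unset")
    return (host, user, password)


if __name__ == "__main__":
    for func, param, line in find_hardcoded_credential_defaults(VULNERABLE_SOURCE):
        print(f"line {line}: {func}() has hard-coded default for parameter '{param}'")
```

Running the detector over the constructed source reports the `password` parameter of `connect()` and ignores `user="svc"`, which is a username, not a secret. The detector is name-based and is only a first pass: a reviewer still has to confirm that a flagged default is a real credential, and a secret bound to a differently named parameter will not be caught.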