SYM_RB_0062 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Exposure of Sensitive Information to an Unauthorized Actor
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Sensitive information such as passwords, secrets, or API keys is being hardcoded directly into source code. This makes these credentials easy to discover if the code is shared, published, or accessed by unauthorized users.
Impact
If attackers gain access to the source code, they can extract these secrets to compromise accounts, access private APIs, or escalate privileges within your systems. This can lead to data breaches, unauthorized access, and significant damage to your application's security and reputation.
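The hardcoded pattern described above next to a hardened form, as an added example that is not part of the original wiki page or the rule's own code. Ruby is assumed from the "RB" in the rule ID, since the Language field is empty; `PAYMENTS_API_KEY`, `Secret`, `PaymentsClient` and `InsecurePaymentsClient` are hypothetical names.

```ruby
# Before: the pattern the rule describes. The key ships with every clone,
# fork, backup and build artifact of the repository.
class InsecurePaymentsClient
  API_KEY = "CONSTRUCTED-EXAMPLE-KEY" # constructed placeholder, not a real key

  def auth_header
    { "Authorization" => "Bearer #{API_KEY}" }
  end
end

# After: the value lives outside the source tree and is read at runtime.
class Secret
  class Missing < StandardError; end

  # Fail closed: a missing or blank variable raises instead of falling
  # back to a default baked into the code.
  def self.from_env(name, env: ENV)
    value = env[name].to_s
    raise Missing, "#{name} is not set" if value.strip.empty?
    new(value)
  end

  def initialize(value)
    @value = value
  end

  # The raw value is only available through an explicit call.
  def reveal
    @value
  end

  # Keep the value out of logs, exception messages and debugger output.
  def to_s
    "[REDACTED]"
  end
  alias inspect to_s
end

class PaymentsClient
  # PAYMENTS_API_KEY is a hypothetical variable name for this example.
  def initialize(api_key: Secret.from_env("PAYMENTS_API_KEY"))
    @api_key = api_key
  end

  def auth_header
    { "Authorization" => "Bearer #{@api_key.reveal}" }
  end
end
```

Moving the value out of the code does not clean history: a key that was ever committed should be rotated, because earlier commits and clones still contain it.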