Wtforms-hardcoded-csrf-secret
Wtforms hardcoded csrf secret
wtforms-hardcoded-csrf-secret
wtforms-hardcoded-csrf-secret
A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is reommended to store and retrieve the secret key from the app config instead. For example app.config['CSRF_SECRET_KEY'].
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-798: Use of Hard-coded Credentials
OWASP:
- A07:2021 - Identification and Authentication Failures