Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Square Access Token has been found directly in the codebase. Storing sensitive credentials like API tokens in code exposes them to unauthorized access if the code is leaked or shared.

Impact

If an attacker obtains this access token, they could interact with your Square account’s APIs, potentially making unauthorized transactions, accessing sensitive customer data, or causing financial loss. This compromises both application security and user trust.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A PayPal Braintree access token appears to be hard-coded in the codebase. Storing sensitive credentials directly in source code can expose them to anyone with code access, including public repositories.

Impact

If an attacker obtains this access token, they could potentially perform unauthorized transactions, access payment data, or compromise user financial information. This could lead to financial loss, data breaches, and reputational damage for the organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Snyk API key has been found hard-coded in the codebase. Exposing API keys in code can allow unauthorized users to access your Snyk account and services.

Impact

If attackers obtain this API key, they could use your Snyk account to access sensitive security data, manipulate project settings, or deplete your usage limits, potentially leading to data breaches or loss of control over your security monitoring.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Google API key has been found directly in the code or files, meaning sensitive credentials are exposed. Storing API keys in source code makes them easily accessible to anyone with code access.

Impact

If exposed, attackers can use your Google API key to access Google services on your behalf, potentially incurring costs, accessing sensitive data, or abusing your application’s resources. This can lead to data breaches, service disruption, and financial loss.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A SoftLayer API key has been found hard-coded in the codebase. Storing sensitive credentials in source code exposes them to anyone with access to the repository, which is an insecure practice.

Impact

If an attacker gains access to this API key, they could control or manipulate your SoftLayer cloud resources, potentially leading to data breaches, unauthorized resource usage, or service disruptions. This can result in financial loss and compromise of sensitive assets.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

HockeyApp API keys or credentials are hard-coded directly in the code. This exposes sensitive secrets, making them easy to extract from the source or deployed application.

Impact

If attackers obtain the hard-coded HockeyApp credentials, they could access your app’s crash reports, download private builds, or manipulate your HockeyApp account. This can lead to data leaks, unauthorized access, or compromise of your application’s distribution and diagnostic information.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Facebook access token has been found exposed in the code. Storing access tokens in source files makes them easily accessible to anyone with code access, which is insecure and violates best practices for handling secrets.

Impact

If exposed, attackers could use the token to access or manipulate your Facebook application’s data, impersonate users, or perform unauthorized actions on behalf of your app. This can lead to data breaches, compromised accounts, and reputational damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: medium
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

CodeClimate API keys or secrets appear to be hard-coded directly in the source code. Storing sensitive credentials in code exposes them to anyone with access to the repository, making them vulnerable to leaks.

Impact

If attackers obtain these credentials, they can access your CodeClimate account, potentially exposing code quality data, manipulating reports, or abusing linked integrations. This can lead to data breaches, unauthorized changes, and reputational damage for your organization.

Use of Hard-coded Credentials

Property
Language: generic
Severity: medium
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

Usernames and passwords are being included directly in URIs within the code. This exposes sensitive credentials in plain text, making them easily accessible to anyone who can view the code, logs, or network traffic.

Impact

If exploited, attackers could steal these hard-coded credentials to gain unauthorized access to databases, servers, or other services, potentially leading to data breaches, service disruption, or further compromise of your systems.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Google Cloud service account credentials have been detected in your codebase. Exposing these credentials allows unauthorized access to your Google Cloud resources.

Impact

If attackers obtain these credentials, they can access, modify, or delete cloud resources and data, potentially resulting in data breaches, service disruption, or unauthorized charges to your cloud account.