Use of Hard-coded Credentials

Property
Language: regex
Severity: critical
CWE: CWE-798: Use of Hard-coded Credentials
Confidence Level: High
Impact Level: High
Likelihood Level: High

Description

An Onfido live API token has been found directly in the codebase. Storing sensitive API credentials in source code exposes them to anyone with code access, making it easy for unauthorized users to misuse them.

Impact

If an attacker obtains this token, they can interact with the Onfido API as your application, potentially accessing sensitive user information, submitting fraudulent identity checks, or incurring unexpected costs. This can lead to data breaches, loss of trust, and financial or legal repercussions for your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A MailChimp API key has been found hard-coded in the codebase. Storing API keys in source code exposes sensitive credentials that should be kept private.

Impact

If exposed, attackers could use the API key to access or manipulate your MailChimp account, potentially sending unauthorized emails, viewing mailing lists, or accessing sensitive data. This can lead to data breaches, account abuse, and reputational damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Sauce Labs access token appears to be hard-coded or exposed in the codebase. Storing sensitive credentials like this in code makes them easily accessible to anyone with code access.

Impact

If an attacker obtains this token, they could gain unauthorized access to your Sauce Labs account, potentially running, modifying, or deleting automated tests and data. This could lead to data leaks, service misuse, or disruptions to your CI/CD workflow.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Medium
Impact Level: Low
Likelihood Level: Low

Description

A Stripe Restricted API Key has been found hard-coded in the codebase. Storing sensitive API keys directly in code can expose them to unauthorized users if the code is leaked or shared.

Impact

If an attacker obtains this API key, they may be able to access or interact with your Stripe account in ways permitted by the key’s restrictions, potentially leading to unauthorized transactions, data exposure, or abuse of payment services. This can result in financial loss and compromise of sensitive business operations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A SonarQube Docs API key has been found directly in the codebase. Storing sensitive credentials like API keys in code makes them accessible to anyone with access to the repository.

Impact

If exposed, attackers can use the API key to access or manipulate your SonarQube instance, potentially leaking source code, project information, or altering code quality data. This can lead to data breaches, unauthorized actions, and loss of control over your code analysis environment.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Kolide API key appears to be hard-coded or exposed in your codebase. Exposing secret credentials in source code can allow unauthorized access to Kolide services.

Impact

If this API key is leaked, attackers could gain control over your Kolide instance, potentially accessing sensitive data, executing commands, or altering configurations. This may lead to data breaches, unauthorized activity, or loss of control over your infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Mailgun API key has been found hard-coded in the codebase, which exposes sensitive credentials directly in source files. Storing API keys in code makes them accessible to anyone with code access, including unauthorized users.

Impact

If an attacker obtains the Mailgun API key, they could send emails, access email logs, or abuse your Mailgun account, potentially leading to spam, data breaches, or financial loss. This could also compromise your application’s reputation and result in unauthorized use of your email infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: medium
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

An AWS session token has been found directly in the codebase. Storing sensitive credentials like AWS tokens in code exposes them to anyone with code access, making the application insecure.

Impact

If attackers gain access to the exposed AWS session token, they could use it to authenticate as your application, potentially accessing, modifying, or deleting AWS resources. This could lead to data breaches, service disruption, and significant financial or reputational damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive secret values, such as API keys or credentials, are hard-coded directly into the source code. Storing secrets in code makes them easily accessible to anyone with code access and increases the risk of accidental exposure.

Impact

If attackers gain access to these secrets, they can compromise accounts, access sensitive data, or perform unauthorized actions in external systems. This can lead to data breaches, service abuse, and loss of control over critical resources.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Linux shadow file content, which stores hashed user passwords, has been detected in your codebase. Including this file exposes confidential authentication data and should never be committed to source control.

Impact

If attackers gain access to the shadow file, they can attempt to crack user passwords, potentially leading to full system compromise. This can result in unauthorized access, data breaches, and loss of trust in your application’s security.