Use of Hard-coded Credentials

Property
Language: regex
Severity: medium
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

An AWS AppSync GraphQL API key has been found directly in the code or configuration. Storing sensitive credentials like API keys in source code makes them easy to leak or expose accidentally.

Impact

If an attacker obtains this API key, they could access or manipulate your AppSync GraphQL API, potentially exposing or altering sensitive data and incurring unexpected costs. This could lead to data breaches, unauthorized actions, and compromise of your cloud environment.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Twilio API key has been found directly in the codebase. Storing secret credentials in source code exposes them to anyone with code access, making it easy for attackers to misuse your Twilio account.

Impact

If an attacker obtains this API key, they could send messages, make calls, or access sensitive Twilio data using your account. This could lead to financial loss, unauthorized access to communications, and potential abuse of your organization’s services.

Use of Hard-coded Credentials

Property
Language: regex
Severity: medium
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

An AWS Secret Access Key appears to be hard-coded directly into the codebase. Storing sensitive credentials in code exposes them to anyone with access to the repository, making them easy to leak or misuse.

Impact

If attackers obtain this key, they can gain full access to your AWS resources, potentially leading to data theft, service disruption, financial loss, and unauthorized changes to your cloud infrastructure. This can severely compromise both security and business operations.

Use of Hard-coded Credentials

Property
Language: generic
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A private key has been found directly in the code. Storing sensitive keys in source files exposes them to anyone with code access and increases the risk of accidental leaks.

Impact

If an attacker obtains this private key, they could impersonate your service, decrypt confidential data, or gain unauthorized access to protected resources. This could lead to data breaches, service compromise, or loss of trust in your application.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The use of ‘sshpass’ with a hard-coded SSH password exposes sensitive credentials directly in scripts or command lines. This practice makes the password easily accessible to anyone with access to the code or system process list.

Impact

If an attacker obtains the hard-coded SSH password, they could gain unauthorized access to remote systems, potentially leading to data breaches, system compromise, or lateral movement within your infrastructure. This undermines the security of your authentication process and can result in significant organizational risk.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A SendGrid API key has been found directly in the code or repository. Storing sensitive credentials in source code exposes them to anyone with access to the codebase.

Impact

If an attacker obtains this API key, they could send emails on behalf of your organization, access sensitive email data, or abuse your SendGrid account, potentially leading to spam, phishing, or reputational damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Microsoft Outlook webhook URL has been found in the codebase, which likely exposes a secret endpoint used for automated notifications or integrations. Hardcoding such URLs can allow unauthorized access to your Outlook Team channel.

Impact

If an attacker obtains this webhook URL, they could send unauthorized messages, spam, or malicious content directly into your Outlook Team channel, potentially leading to information leaks, disruption, or abuse of internal communications.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Slack API token has been found in the codebase. Storing sensitive credentials like Slack tokens in code makes them accessible to anyone with code access, which is insecure.

Impact

If an attacker obtains this token, they could access your Slack workspace, read or send messages, and perform actions as if they were an authorized user or bot. This could lead to data leaks, unauthorized command execution, or disruption of team communications.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Telegram Bot API key has been found directly in the codebase. Hard-coding sensitive credentials like API keys exposes them to anyone with access to the code, making them vulnerable to misuse.

Impact

If an attacker obtains this API key, they could impersonate your bot, send unauthorized messages, access private conversations, or disrupt your Telegram service. This could lead to data leaks, spam, or the compromise of your application’s reputation and user trust.

Use of Hard-coded Credentials

Property
Language: regex
Severity: medium
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

Amazon MWS (Marketplace Web Service) authentication tokens have been found directly in the codebase. Storing sensitive credentials like Auth Tokens in source code exposes them to anyone with code access, making them vulnerable to leaks.

Impact

If an attacker obtains an exposed Amazon MWS Auth Token, they could gain unauthorized access to your Amazon seller account data and perform actions such as retrieving orders or altering listings. This could lead to data breaches, financial loss, and damage to business operations or reputation.