Use of Hard-coded Credentials

Property
Language: generic
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A GitHub authentication token has been found directly in the source code. Storing sensitive credentials like tokens in code exposes them to anyone with access to the repository, including public viewers if the code is shared.

Impact

If an attacker obtains this token, they could gain unauthorized access to your GitHub account or organization, perform actions such as reading or modifying code, accessing private repositories, or triggering workflows. This could lead to data leaks, code tampering, or disruption of your development processes.

Use of Hard-coded Credentials

Property
Language: generic
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

An NPM registry authentication token is stored directly in a configuration file (such as .npmrc). Hard-coding sensitive credentials in files exposes them to anyone with access to the codebase or repository.

Impact

If an attacker gains access to this token, they could publish, modify, or delete packages in your NPM account or organization, potentially leading to supply chain attacks, data leaks, or service disruption.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A PGP private key has been found directly in the codebase, which means sensitive cryptographic credentials are exposed. Private keys should never be hardcoded or stored in source control.

Impact

If this private key is leaked, attackers could decrypt confidential data, impersonate users, or gain unauthorized access to secure systems, leading to data breaches or loss of trust.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Heroku API key has been found directly in the codebase. Exposing sensitive credentials in code allows anyone with access to the repository to misuse your Heroku account.

Impact

If an attacker obtains this API key, they can access, modify, or delete your Heroku apps and data, potentially resulting in service downtime, data breaches, or unexpected costs for your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Stripe API secret key has been found directly in the codebase. Exposing sensitive credentials in source code makes them vulnerable to accidental leaks or unauthorized access.

Impact

If an attacker gains access to this secret key, they could perform unauthorized transactions, access customer payment data, or make changes to your Stripe account, leading to financial loss and reputational damage for your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Your code or configuration contains a Google OAuth client ID, which should not be exposed in public repositories or codebases. Exposing this information can make it easier for attackers to target your OAuth integration.

Impact

If attackers discover your Google OAuth client ID, they could attempt phishing or abuse authentication flows, potentially leading to unauthorized access or compromising user accounts. This can result in data leaks or damage to user trust in your application.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Facebook OAuth token has been found hard-coded in the source code. Storing authentication tokens directly in code exposes sensitive credentials to anyone with access to the codebase.

Impact

If attackers obtain this token, they could impersonate users or access protected Facebook APIs on behalf of your application, leading to unauthorized data access, account compromise, or abuse of integrated Facebook services.

Use of Hard-coded Credentials

Property
Language: regex
Severity: medium
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

AWS Access Key IDs are hardcoded directly into the codebase. Storing sensitive credentials like these in source code makes them easy to leak if the code is shared or published.

Impact

If exposed, attackers could use these credentials to access and control your AWS resources, potentially leading to data breaches, unauthorized infrastructure changes, or significant financial loss for your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Google OAuth access token has been found in your code or configuration files. Storing access tokens in source code can expose sensitive credentials to anyone with code access, including unintended parties.

Impact

If an attacker obtains this token, they could access Google services or user data on behalf of your application, potentially leading to unauthorized data exposure, account compromise, or misuse of cloud resources.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Picatic API key has been found directly in the codebase. Storing API keys in source code exposes them to anyone with code access, increasing the risk of unauthorized use.

Impact

If attackers obtain this API key, they could access or manipulate your Picatic account, potentially leading to data breaches, financial loss, or abuse of your organization’s event management services.