Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A New York Times API access token appears to be hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally share or expose, putting sensitive information at risk.

Impact

If an attacker gains access to this token, they could use it to interact with the New York Times API as your application, potentially accessing, modifying, or abusing your account and its data. This can lead to unauthorized actions, service misuse, or billing issues, and could compromise your organization’s reputation and security.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Hard-coded Atlassian API tokens have been found in the source code. Storing credentials directly in code exposes them to anyone with repository access, increasing the risk of unauthorized use.

Impact

If attackers obtain these tokens, they can gain access to Atlassian services (like Jira or Confluence), potentially reading, modifying, or deleting sensitive company data. This could lead to data breaches, service disruption, or further compromise of internal systems.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Flickr access token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose and accessible to anyone with code access.

Impact

If an attacker obtains this token, they could gain unauthorized access to your Flickr account, potentially stealing sensitive data, posting content, or abusing the account. This can lead to data breaches, compromised user privacy, and reputational or financial damage to your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Plaid client IDs were found hard-coded in the source code. Storing credentials directly in code exposes sensitive information and increases the risk of accidental leaks.

Impact

If these hard-coded credentials are exposed, attackers could gain unauthorized access to connected financial services or sensitive account data. This could lead to data breaches, financial fraud, loss of user trust, or regulatory violations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Gitter access token appears to be hard-coded directly in the source code. Storing credentials in code makes them easy to leak and exposes them to anyone with access to the repository.

Impact

If this token is exposed, attackers could gain unauthorized access to your Gitter account or services, potentially allowing them to read or send messages, access sensitive data, or impersonate your application. This could lead to data breaches or abuse of your organization’s resources.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Facebook access token has been found hard-coded in the source code. Storing sensitive credentials directly in code exposes them to anyone with access to the repository, increasing the risk of unauthorized use.

Impact

If an attacker obtains this access token, they could impersonate users or services, access private Facebook APIs, extract sensitive data, or abuse your Facebook integrations. This can lead to data breaches, account compromise, or unauthorized actions carried out in your application’s name.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Plaid API access token has been found hard-coded in the source code. Storing sensitive credentials directly in code can expose them to anyone with access to the repository, increasing the risk of unauthorized use.

Impact

If attackers gain access to the exposed Plaid API token, they could access, modify, or steal sensitive financial data, potentially resulting in data breaches, financial fraud, or loss of customer trust. This also violates best practices for credential management and could lead to regulatory or compliance issues.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The gitleaks rule dropbox-long-lived-api-token, which attempts to identify hard-coded credentials, reported a match. Storing credentials in source code is not recommended, as it risks secrets being leaked and used by an internal or external malicious adversary. Use environment variables to provide credentials securely, or retrieve them from a secure vault or HSM (Hardware Security Module).

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Pulumi API tokens were found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with access to the repository, making them easy to accidentally leak or misuse.

Impact

If attackers obtain a hard-coded Pulumi API token, they can access your Pulumi account and infrastructure, potentially modifying or destroying resources, stealing sensitive data, or incurring unauthorized costs. This can lead to serious security breaches and operational disruptions.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Cloudflare API keys have been found hard-coded in the source code. Storing credentials directly in code makes them vulnerable to accidental exposure and unauthorized access.

Impact

If attackers obtain these hard-coded API keys, they could gain unauthorized access to your Cloudflare account, potentially modifying DNS records, exposing sensitive data, or disrupting services. This creates a significant risk of service compromise or data breaches.