Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Authress service client access keys have been found hard-coded in the source code. Storing credentials directly in code makes them easy to discover and misuse by anyone with code access.

Impact

If exposed, attackers could use these keys to gain unauthorized access to protected services or data, potentially leading to data breaches, privilege escalation, or service abuse. This can compromise the security of your application and put sensitive information at risk.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Shopify shared secret was found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose and accessible to anyone with code access.

Impact

If an attacker obtains this secret, they could impersonate your app, access sensitive Shopify data, or perform unauthorized actions on behalf of your application. This can lead to data breaches, account compromise, and loss of customer trust.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A GitHub refresh token appears to be hard-coded directly in the source code. Storing credentials in code exposes them to anyone with access to the repository, increasing the risk of secret leakage.

Impact

If this token is exposed, attackers could use it to access or manipulate your GitHub account or repositories, potentially leading to data theft, code tampering, or unauthorized access to sensitive resources.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Bitbucket client IDs (credentials) have been found hard-coded in the source code. Storing secrets directly in code makes them easy to accidentally leak or expose to unauthorized users.

Impact

If these credentials are discovered, attackers could gain unauthorized access to Bitbucket resources, potentially leading to data breaches, code theft, or manipulation of repositories. This can compromise the security and integrity of your application and organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

An Adafruit API key has been found hard-coded directly in the source code. Storing sensitive credentials in code makes them easy to accidentally share or leak, exposing your project to unauthorized access.

Impact

If an attacker obtains the exposed API key, they could gain access to your Adafruit account or services, potentially leading to data theft, unauthorized operations, or unexpected costs. This could compromise both your application and any connected resources.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The gitleaks rule defined-networking-api-token, which attempts to identify hard-coded credentials, produced a match. Storing credentials in source code is not recommended, as this risks secrets being leaked and used by an internal or external malicious adversary. Instead, use environment variables to provide credentials securely, or retrieve them from a secure vault or HSM (Hardware Security Module).

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Mailgun signing key has been found hard-coded in the source code. Storing API credentials directly in code exposes them to anyone with access to the repository, increasing the risk of accidental leaks.

Impact

If an attacker obtains this key, they could send emails or access your Mailgun account, potentially leading to spam, phishing attacks, or unauthorized use of your email services. This can damage your organization’s reputation and compromise user data.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Mailgun public API key has been hard-coded directly into the source code. Storing credentials in code can expose sensitive keys if the codebase is shared or made public.

Impact

If attackers gain access to this key, they could send emails or perform unauthorized actions through your Mailgun account, potentially leading to spam, phishing, or misuse of your email infrastructure. This could result in service disruption, reputational damage, or account compromise.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Slack App tokens have been found hard-coded in the source code. Storing sensitive credentials directly in code makes them easy to accidentally leak or expose, increasing the risk of unauthorized access.

Impact

If attackers obtain these hard-coded tokens, they could access or control your Slack app, potentially stealing messages, sending unauthorized commands, or compromising sensitive data. This could lead to data breaches, loss of control over integrations, and reputational damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Dropbox API tokens have been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with access to the repository, increasing the risk of unauthorized access.

Impact

If attackers obtain these hard-coded tokens, they could access or manipulate your Dropbox data, potentially leading to data leaks, loss, or unauthorized changes. This could compromise sensitive information and damage your organization’s reputation.