Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A Shopify private app access token was found hard-coded in the source code. Storing credentials directly in code exposes sensitive information to anyone with code access, making it insecure.

Impact

If an attacker obtains this token, they could access or control your Shopify app and data, potentially leading to data breaches, unauthorized transactions, or service disruption. This could compromise customer information and damage your organization’s reputation.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A Flutterwave public API key has been found hard-coded in the source code. Storing sensitive credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of unauthorized use.

Impact

If exposed, attackers could use the leaked API key to interact with Flutterwave services on your behalf, potentially making unauthorized transactions or accessing sensitive financial data. This can lead to financial loss, data breaches, and reputational damage for your organization.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A GitHub App token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally leak or expose to unauthorized users.

Impact

If this token is exposed, attackers could gain unauthorized access to your GitHub App or repositories, potentially leading to code theft, data manipulation, or further compromise of your organization’s infrastructure.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Sensitive Bittrex API keys are hard-coded directly into the source code. Storing credentials in code makes them easy to accidentally expose or leak, especially if the repository is shared or made public.

Impact

If attackers gain access to these hard-coded keys, they could perform unauthorized actions on your Bittrex account, such as executing trades or withdrawing funds. This can lead to financial losses, account compromise, and reputational damage to your organization.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

An npm access token has been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with code access, making it easy for secrets to be unintentionally leaked.

Impact

If an attacker obtains this token, they could gain unauthorized access to your npm account—potentially publishing, modifying, or deleting packages. This can lead to supply chain attacks, data breaches, or loss of trust in your software.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A Typeform API token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose and is not a secure practice.

Impact

If this token is leaked, attackers could gain unauthorized access to your Typeform account, allowing them to view, modify, or delete sensitive data. This can lead to data breaches, service disruption, and reputational damage for your organization.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Duffel API tokens were found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with access to the repository, increasing the risk of accidental leaks.

Impact

If these tokens are exposed, attackers could gain unauthorized access to your Duffel account, potentially viewing or manipulating sensitive data, performing unauthorized transactions, or abusing your resources. This can lead to data breaches, service disruption, and financial loss.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A Facebook Page Access Token has been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with access to the repository, increasing the risk of unauthorized use.

Impact

If attackers obtain this token, they can gain control over the associated Facebook Page, potentially posting unauthorized content, accessing private page data, or performing malicious actions that could damage your brand and compromise user trust.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Slack user tokens are hard-coded in the source code, exposing sensitive credentials within the repository. Storing secrets directly in code makes them easy to leak if the code is shared or becomes public.

Impact

If an attacker obtains these tokens, they could gain unauthorized access to Slack accounts or workspaces, read or send messages, or perform actions as the compromised user. This could lead to data theft, account takeover, or abuse of your organization’s Slack environment.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A Twitter API bearer token was found hard-coded in the source code. Storing sensitive credentials directly in code makes them easy to accidentally expose and should be avoided.

Impact

If an attacker obtains this token, they could gain unauthorized access to your Twitter account or API, potentially resulting in data leaks, account abuse, or reputational damage. Hard-coded secrets are a common target for attackers scanning public or leaked code repositories.