Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A Planetscale OAuth token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally share or expose, increasing the risk of unauthorized access.

Impact

If an attacker obtains this token, they could gain unauthorized access to your Planetscale database, potentially viewing, modifying, or deleting sensitive data. This could lead to data breaches, loss of service, and compromise of customer or business information.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A LinkedIn client ID was found hard-coded in the source code. Storing credentials like API keys directly in code makes them vulnerable to accidental exposure, especially if the code is shared or made public.

Impact

If attackers gain access to the client ID, they could misuse your LinkedIn integration, impersonate your application, or access sensitive LinkedIn data. This could lead to unauthorized actions, data leaks, or abuse of your organization’s LinkedIn API quota.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A hard-coded EasyPost API token was found in the codebase. Storing credentials directly in source code makes them easy to accidentally leak and exposes sensitive access to anyone with code access.

Impact

If exposed, attackers could use the leaked EasyPost API token to access, modify, or abuse your shipping and logistics services, potentially resulting in unauthorized transactions, data breaches, or financial loss for your organization.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Hard-coded Asana client IDs were found in the source code. Storing credentials directly in code makes them accessible to anyone with code access, increasing the risk of accidental exposure.

Impact

If these credentials are leaked, attackers could potentially access your Asana integrations or data, impersonate your application, or exploit your API usage. This could lead to data breaches, unauthorized actions, or compromise of sensitive project information.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

KuCoin API secret keys have been found hard-coded in the source code. Storing sensitive credentials directly in code makes them easy to accidentally expose, especially if the code is shared or published.

Impact

If an attacker obtains these hard-coded KuCoin secret keys, they could gain unauthorized access to your KuCoin account, execute trades, withdraw funds, or access sensitive account information, potentially resulting in financial loss or compromise of business assets.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A HashiCorp Terraform API token appears to be hard-coded directly into the source code. Storing credentials in code exposes them to anyone with access to the repository, increasing the risk of secret leaks.

Impact

If an attacker gains access to this token, they could interact with your Terraform resources, potentially altering infrastructure, accessing sensitive data, or causing service disruptions. This could lead to unauthorized changes, data breaches, and significant security incidents for your organization.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A LinkedIn client secret has been found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of unauthorized use.

Impact

If attackers obtain this secret, they could impersonate your application, access sensitive LinkedIn APIs, or abuse your LinkedIn integration. This can lead to data breaches, account compromise, and reputational or financial loss for your organization.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A DigitalOcean access token has been found hard-coded in the source code. Storing secrets like API tokens directly in code exposes them to anyone with repository access and increases the risk of accidental leaks.

Impact

If an attacker obtains this access token, they could gain unauthorized access to your DigitalOcean account, potentially leading to resource manipulation, data exposure, service disruption, or unexpected costs for your organization.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

An age secret key was found hard-coded in the source code. Storing sensitive credentials directly in code can expose them to anyone with access to the repository.

Impact

If attackers obtain this secret key, they can decrypt protected data or perform unauthorized actions, leading to data breaches or system compromise. This puts sensitive information and the organization’s security at risk.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Hard-coded API tokens have been found in the source code. Storing credentials directly in code makes them easy to accidentally expose, especially if the code is shared or published.

Impact

If attackers gain access to these tokens, they could use them to access sensitive APIs or services, potentially leading to data breaches, unauthorized actions, or compromise of other systems connected to your application.