Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Twilio API keys are hard-coded directly into the source code. Storing credentials in code makes them easy to accidentally expose in version control or code sharing.

Impact

If attackers gain access to the source code, they can use the exposed Twilio API key to send messages, make calls, or access account resources—potentially leading to unauthorized charges, data leaks, or abuse of your Twilio services.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Databricks API tokens have been found hard-coded in the source code. Storing sensitive credentials directly in code makes them visible to anyone with access to the repository, increasing the risk of accidental leaks.

Impact

If attackers obtain these exposed tokens, they could access Databricks resources, view or modify sensitive data, execute code, or incur infrastructure costs. This can lead to data breaches, service disruption, and loss of organizational trust.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Grafana API key was found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally share or expose, increasing the risk of unauthorized access.

Impact

If an attacker obtains this API key, they could access sensitive Grafana data, modify dashboards, or escalate their privileges within your monitoring environment. This could lead to data breaches, service disruptions, or misuse of your infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Sumo Logic access token was found hard-coded in the source code. Storing sensitive credentials directly in code makes them easy to accidentally expose and compromises system security.

Impact

If someone gains access to the token in your code, they could use it to access your Sumo Logic account, potentially exposing sensitive logs or data, incurring costs, or enabling further attacks against your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Mailgun private API token has been found hard-coded in the source code. Storing credentials directly in code can expose sensitive information to anyone with access to the repository.

Impact

If exposed, an attacker could use the Mailgun API token to send emails, access email logs, or manipulate your email service on behalf of your organization. This could lead to unauthorized access, misuse of resources, data breaches, or reputational damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The gitleaks rule cloudflare-origin-ca-key, which attempts to identify hard-coded credentials, matched in the source code. Storing credentials in source code is not recommended, as it risks secrets being leaked and used by an internal or external malicious adversary. Instead, provide credentials securely through environment variables, or retrieve them from a secure vault or HSM (Hardware Security Module).

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Google Cloud Platform (GCP) API key has been hard-coded directly into the source code. Storing credentials in code makes them easy to accidentally expose in version control or shared repositories.

Impact

If the API key is leaked, attackers could use it to access your GCP resources, potentially incurring costs, stealing data, or disrupting services. This can lead to unauthorized access, data loss, and financial or reputational damage to your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Netlify access token has been found hard-coded in the source code. Storing sensitive credentials directly in code exposes them to anyone with access to the repository, increasing the risk of unauthorized use.

Impact

If an attacker obtains this token, they could gain unauthorized access to your Netlify account, modify or deploy sites, or access sensitive project data. This could lead to service disruptions, data leaks, or malicious content being published under your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A DroneCI access token was found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of secret leaks.

Impact

If exposed, attackers could use the access token to compromise your DroneCI pipelines, trigger unauthorized builds, access sensitive resources, or modify infrastructure, potentially leading to data loss or further breaches.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Lob public API key has been found hard-coded in the source code. Storing API keys or credentials in code exposes them to anyone with code access, increasing the risk of accidental leaks.

Impact

If this key is exposed, attackers could use it to interact with the Lob API on your behalf, potentially sending unauthorized requests, consuming resources, or accessing sensitive data. This can lead to service abuse, financial loss, or data compromise.