Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A DigitalOcean refresh token (a type of secret credential) is hard-coded directly into the source code. Storing credentials in code makes them easily accessible to anyone with code access, increasing the risk of accidental leaks.

Impact

If a hard-coded refresh token is exposed, attackers could use it to gain unauthorized access to your DigitalOcean account, potentially allowing them to view, modify, or delete resources. This can lead to data breaches, resource compromise, and financial loss.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Yandex API key has been found hard-coded in the source code. Storing credentials directly in code makes them visible to anyone with access to the repository, increasing the risk of accidental exposure.

Impact

If an attacker gains access to the exposed API key, they could use it to access Yandex services on your behalf, potentially leading to data breaches, unauthorized actions, or unexpected charges. This could compromise sensitive information or disrupt business operations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Twitter API credentials appear to be hard-coded directly in the source code. Storing secrets like access tokens in code makes them easy to accidentally expose, especially in public or shared repositories.

Impact

If these credentials are leaked, attackers could gain unauthorized access to your Twitter account or application, potentially posting tweets, reading private data, or impersonating your service. This can lead to data breaches, brand damage, and abuse of your organization’s Twitter resources.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code contains a hard-coded Prefect API token, which means sensitive credentials are directly embedded in the source. Storing secrets like this in code makes them easy to accidentally expose or leak through version control.

Impact

If attackers gain access to the codebase, they could use the exposed API token to interact with Prefect services, potentially accessing, modifying, or deleting workflows and data. This can lead to unauthorized access, data breaches, and compromise of critical automation infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

An OpenAI API key has been found hard-coded in the source code. Storing sensitive credentials in code exposes them to anyone with code access, increasing the risk of unauthorized use.

Impact

If an attacker obtains the exposed API key, they could make unauthorized requests to the OpenAI API, potentially incurring unexpected costs, accessing sensitive data, or abusing your account. This could lead to financial loss, data breaches, or service disruption for your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Coinbase access token was found hard-coded in the source code. Storing sensitive credentials like API keys directly in code makes them vulnerable to accidental exposure and unauthorized access.

Impact

If an attacker obtains this access token, they could access or manipulate your Coinbase account and its assets, potentially leading to financial loss, data breaches, or unauthorized transactions. Leaked tokens can also be abused if the code is shared publicly or within the organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Infracost API tokens have been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with access to the repository, increasing the risk of leaks.

Impact

If attackers obtain these API tokens, they could access or manipulate your Infracost account, potentially leading to unauthorized usage, data exposure, or financial loss. Hard-coded secrets also increase the risk of accidental leaks through code sharing or public repositories.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Slack webhook URL was found hard-coded in the source code. Storing credentials or secret URLs directly in code can expose them to anyone with access to the repository.

Impact

If attackers obtain the Slack webhook URL, they can send unauthorized messages to your Slack channels, potentially spamming, phishing, or leaking sensitive information. This could disrupt team communications and damage organizational trust.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A RapidAPI access token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose, especially if the code is shared or made public.

Impact

If attackers gain access to this token, they could use your RapidAPI account to make unauthorized API calls, potentially consuming quota, incurring costs, or accessing sensitive data. This could lead to data breaches, service abuse, or financial loss for your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Mapbox API token was found hard-coded in the source code. Storing secret keys directly in code exposes them to anyone who can access the codebase, including public repositories.

Impact

If an attacker obtains this token, they can make unauthorized requests to Mapbox services using your account, potentially leading to data exposure, service abuse, unexpected charges, or disruption of your application’s mapping functionality.