Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Hard-coded Kraken API access tokens were found in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of accidental leaks.

Impact

If attackers obtain these hard-coded tokens, they can gain unauthorized access to Kraken accounts, potentially making trades, withdrawing funds, or accessing sensitive financial data. This can lead to financial loss, account compromise, and reputational damage for both users and the organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Hugging Face access token was found hard-coded in the source code. Storing credentials directly in code exposes them to anyone who can access the repository, increasing the risk of unauthorized access.

Impact

If the token is leaked, an attacker could use it to access your Hugging Face account, potentially stealing, modifying, or deleting models and data. This could lead to data breaches, loss of intellectual property, or unauthorized resource usage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code contains an Adobe client secret directly embedded in the source, exposing sensitive credentials. Storing secrets in code makes them vulnerable to accidental leaks or unauthorized access.

Impact

If the Adobe client secret is exposed, attackers could gain unauthorized access to Adobe APIs or services, potentially leading to data theft, account compromise, or abuse of organizational resources. This can result in security breaches, regulatory violations, or financial loss.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Hard-coded Vault batch tokens have been found in the codebase. Storing sensitive credentials like tokens directly in source code exposes them to anyone with code access, increasing the risk of leaks.

Impact

If these tokens are exposed, attackers could gain unauthorized access to Vault secrets or services, potentially leading to data breaches, privilege escalation, or further compromise of internal systems. This can put sensitive information and overall application security at risk.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Scalingo API token appears to be hard-coded directly in the source code. Storing sensitive credentials in code makes them easy to accidentally expose in version control or code sharing.

Impact

If this token is leaked, attackers could gain unauthorized access to Scalingo services, potentially allowing them to control infrastructure, access sensitive data, or disrupt services. This could lead to data breaches, service outages, and compromise of your application’s environment.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A GoCardless API token was found hard-coded in the source code. Storing sensitive credentials directly in code can expose them if the code is shared or leaked.

Impact

If an attacker gains access to the exposed API token, they could perform unauthorized actions on your GoCardless account, such as initiating or modifying payments, leading to financial loss or data breaches.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Slack refresh tokens are hard-coded in the source code, exposing credentials to anyone with code access. Storing secrets directly in code makes them easy to leak or misuse.

Impact

If attackers gain access to these hard-coded tokens, they could compromise Slack accounts or services, send unauthorized messages, or access sensitive data. This can lead to data breaches, unauthorized actions, and potential reputational damage for the organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Sumo Logic Access IDs are hard-coded directly in the source code. Storing credentials in code makes them easy to accidentally expose in repositories or logs, risking unauthorized access.

Impact

If attackers obtain these hard-coded credentials, they could access your organization’s Sumo Logic account, potentially viewing, modifying, or deleting sensitive log data. This can lead to data breaches, compliance violations, and further attacks leveraging exposed information.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code includes hard-coded credentials within a URL, exposing sensitive information directly in the source code. Storing secrets like usernames or passwords in code makes them accessible to anyone with code access, increasing the risk of leaks.

Impact

If these credentials are exposed, attackers could gain unauthorized access to protected systems or services, potentially leading to data theft, unauthorized changes, or service disruption. This can compromise both the security of your application and the privacy of users or business data.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Codecov access token was found hard-coded in the source code. Storing credentials directly in code makes them easy to expose and puts your secrets at risk if the codebase is shared or leaked.

Impact

If an attacker obtains this access token, they could gain unauthorized access to your Codecov account, potentially compromising sensitive data, modifying code coverage reports, or launching further attacks against your systems or CI/CD pipelines.