Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Linear API key has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose or leak, especially if the code is shared or made public.

Impact

If an attacker obtains this API key, they could access or manipulate your Linear account and its data, potentially leading to unauthorized actions, data breaches, or loss of sensitive information. This can compromise both user privacy and organizational security.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code contains a hard-coded Finicity client secret, meaning sensitive credentials are written directly into the source code. This practice makes it easy for unauthorized users to access these secrets if the code is shared or leaked.

Impact

If an attacker obtains the hard-coded client secret, they could access Finicity APIs or services as your application, potentially exposing sensitive financial data or enabling fraudulent transactions. This can lead to data breaches, financial loss, and regulatory violations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Clojars API token was found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose, especially if the code is shared or published.

Impact

If an attacker gains access to this API token, they could publish, modify, or delete packages on your behalf or access sensitive information in your Clojars account. This could lead to unauthorized changes, package hijacking, or loss of trust in your software supply chain.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Fastly API token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally leak or expose, putting sensitive access at risk.

Impact

If an attacker obtains this token, they could gain unauthorized access to your Fastly account, modify configurations, or disrupt services. This can lead to data breaches, service outages, or misuse of infrastructure resources.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Doppler API token was found hard-coded in the source code. Storing sensitive credentials like API tokens directly in code can expose them to anyone with code access, posing a security risk.

Impact

If an attacker obtains this token, they could access or manipulate your Doppler secrets, potentially leading to unauthorized access, data breaches, or compromise of other connected systems. This can result in loss of sensitive data and damage to organizational security.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A PyPI upload token has been found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, risking unauthorized use.

Impact

If an attacker obtains this token, they could upload or modify packages in your PyPI repository, potentially distributing malicious software or compromising your project’s integrity and reputation.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Discord API token has been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with access to the repository, including accidental leaks through version control.

Impact

If attackers obtain the Discord API token, they could gain unauthorized access to your Discord bot or user account, send malicious messages, steal sensitive data, or impersonate your service, potentially leading to data breaches or abuse of your Discord resources.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

MessageBird API tokens have been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone who has access to the repository, including through public leaks or insider threats.

Impact

If attackers obtain these tokens, they can impersonate your application, send messages, access sensitive data, or incur costs by abusing your MessageBird account. This could lead to data breaches, service disruption, and financial loss.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A New Relic browser API token was found hard-coded in the source code. Storing credentials directly in code makes them easy to discover and exposes sensitive access to anyone with code access.

Impact

If this token is leaked, attackers could send unauthorized data to your New Relic account or misuse your monitoring resources, potentially resulting in data tampering, increased costs, or exposure of application insights. This can compromise the security and integrity of your monitoring environment.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Slack legacy workspace tokens are hard-coded into the source code, exposing sensitive authentication credentials. Storing secrets directly in code makes them easy to leak and accessible to anyone with code access.

Impact

If exposed, attackers can use the token to access Slack workspaces, read or send messages, retrieve sensitive data, or impersonate users. This can lead to data breaches, unauthorized access, and potential compromise of internal communications.