Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Slack legacy bot tokens are hard-coded directly into the source code, exposing sensitive credentials. Storing secrets in code makes them easily accessible to anyone with code access, increasing the risk of leaks.

Impact

If attackers obtain these hard-coded Slack bot tokens, they can gain unauthorized access to your Slack workspace, send messages, read private channels, or impersonate bots. This can lead to data breaches, unauthorized actions, and compromised internal communications.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive credentials or JWT secrets appear to be hard-coded directly in the source code. Storing secrets in code exposes them to anyone with repository access, increasing the risk of unauthorized access.

Impact

If attackers gain access to hard-coded secrets, they could impersonate users, access protected resources, or compromise systems. This can lead to data breaches, unauthorized actions, and damage to the application’s security and reputation.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Hard-coded PlanetScale database passwords have been detected in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of accidental leaks.

Impact

If attackers obtain these credentials, they could gain unauthorized access to your PlanetScale database, potentially leading to data theft, data loss, or unauthorized data modifications. This can compromise sensitive information and disrupt business operations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Sentry access tokens have been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose or leak, which is an insecure practice.

Impact

If attackers gain access to these hard-coded tokens, they can potentially access your Sentry account, view sensitive error data, or manipulate project settings. This could lead to data breaches, loss of control over monitoring systems, and further compromise of your application’s security.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Adobe Client IDs or credentials have been found hard-coded directly in the source code. Storing sensitive credentials in code makes them vulnerable to accidental disclosure through code sharing or repository leaks.

Impact

If these credentials are exposed, attackers could gain unauthorized access to Adobe services or sensitive user data, leading to data breaches, account compromise, or abuse of application resources. This may result in financial loss, legal consequences, or reputational damage for the organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive credentials, such as passwords, are hard-coded directly into the source code. This exposes secrets to anyone with code access and increases the risk of accidental leaks through version control or code sharing.

Impact

If attackers gain access to the source code, they can easily extract hard-coded credentials, allowing unauthorized access to critical systems or data. This can lead to data breaches, service disruption, or further compromise of infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Datadog access token has been found hard-coded in the source code. Storing sensitive credentials directly in code exposes them to anyone with code access, increasing the risk of unauthorized use.

Impact

If leaked, attackers could use the Datadog token to access monitoring data, manipulate dashboards, or disrupt logging infrastructure. This could lead to exposure of sensitive operational information, service disruptions, or unauthorized changes to monitoring settings.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Hard-coded Etsy access tokens have been detected in the source code. Storing credentials directly in code makes them easy to accidentally expose or leak, putting sensitive access at risk.

Impact

If an attacker obtains these tokens—such as through a public code repository—they could access Etsy accounts or APIs with the same permissions as your application, potentially leading to data breaches, unauthorized transactions, or abuse of your services.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A GitHub fine-grained personal access token is hard-coded directly in the source code. Storing credentials in code makes them easy to accidentally expose or leak, especially if the repository is shared or made public.

Impact

If an attacker obtains this token, they could access or manipulate your GitHub resources as permitted by the token’s scope. This could lead to unauthorized code changes, data theft, or further compromise of your organization’s repositories.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Hard-coded Harness API keys were found in the source code. Storing credentials directly in code makes them easy to accidentally expose, especially if the code is shared or published.

Impact

If attackers obtain these API keys, they could gain unauthorized access to your Harness account and resources, potentially leading to data leaks, disruption of CI/CD pipelines, or misuse of your infrastructure. This could result in compromised systems and significant organizational risk.