Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

KuCoin API access tokens have been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with access to the repository, making them easy to leak or misuse.

Impact

If an attacker obtains these hard-coded tokens, they could gain unauthorized access to KuCoin accounts or services, potentially leading to financial loss, data theft, or manipulation of assets. This risk extends to both public and private code repositories, endangering your application’s security and user trust.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Grafana service account token was found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with access to the repository, increasing the risk of leaks.

Impact

If an attacker obtains this token, they could access or control Grafana services, potentially viewing sensitive dashboards, modifying configurations, or escalating privileges. This can lead to data breaches, unauthorized changes, and compromise of monitoring infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code contains a hard-coded Beamer API token, which exposes sensitive credentials directly in the source. Storing secrets in code makes them accessible to anyone with code access, increasing the risk of leaks.

Impact

If the token is discovered, an attacker could use it to access or control resources tied to your Beamer account, potentially leading to data breaches, unauthorized changes, or abuse of services. This can compromise the security and reputation of your application or organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Microsoft Teams webhook URL has been found hard-coded in the source code. Storing sensitive URLs like webhooks directly in code exposes them to anyone with access to the repository.

Impact

If someone obtains this webhook URL, they can send unauthorized messages to your Teams channel, potentially leading to spam, phishing, or information disclosure. This can disrupt team communication and damage trust in your organization’s security.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Linear API client secrets have been found hard-coded directly in the source code. Storing credentials in code exposes them to anyone with access to the codebase, making them easily discoverable.

Impact

If these secrets are leaked, attackers could gain unauthorized access to your Linear account or data, potentially leading to data breaches, unauthorized actions, or compromise of other connected systems. This puts both your application’s security and your organization’s data integrity at risk.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Facebook API secret or credential has been found hard-coded in the source code. Storing secrets directly in code exposes them to anyone with access to the repository, increasing the risk of leaks.

Impact

If attackers gain access to this secret, they could impersonate your application, access sensitive Facebook APIs, or abuse your account. This can lead to data breaches, unauthorized actions, and potential reputational or financial damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Shopify custom access tokens have been found hard-coded in the source code. Storing credentials directly in code can expose them to anyone with access to the repository, increasing the risk of unauthorized access.

Impact

If attackers obtain these tokens, they could gain unauthorized access to Shopify resources, potentially allowing data theft, account takeover, or manipulation of store operations. This can lead to data breaches, financial loss, and damage to customer trust.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive JFrog identity tokens are hard-coded directly in the source code. Storing credentials like this exposes them to anyone with access to the codebase, making it easy for attackers to steal and misuse these secrets.

Impact

If an attacker accesses the hard-coded token, they could gain unauthorized entry to your JFrog services, potentially leading to data leaks, code manipulation, or system compromise. This can result in loss of sensitive assets, service disruptions, or broader security breaches within your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Slack access token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose and is not a secure practice.

Impact

If attackers gain access to this token, they could potentially read or manipulate Slack messages, impersonate users, or access sensitive information. This can lead to data leaks, unauthorized actions within your Slack workspace, and broader compromise if attackers pivot using this credential.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Twitch API token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally leak or expose, which is unsafe.

Impact

If an attacker gains access to the exposed token, they could use it to impersonate your application, access or modify Twitch account data, or perform unauthorized actions. This can lead to account compromise, data breaches, or abuse of your platform’s integrations.