Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive JFrog API keys have been found hard-coded in the source code. Storing credentials directly in code makes them easy to leak or accidentally share, exposing them to anyone with access to the repository.

Impact

If an attacker obtains a hard-coded JFrog API key, they could access your organization’s artifact repositories, upload or download sensitive packages, or tamper with software releases. This can lead to data breaches, supply chain attacks, and loss of control over critical infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Sidekiq credentials have been found hard-coded in the source code. Storing secrets like API keys or passwords in code makes them easily accessible to anyone with code access, risking unintentional leaks.

Impact

If these credentials are exposed, attackers could gain unauthorized access to Sidekiq services or infrastructure, potentially leading to data theft, service disruption, or further compromise of your systems. This can result in loss of sensitive data, reputational damage, and compliance violations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Sendbird access tokens have been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with code access and increases the risk of accidental leaks.

Impact

If these tokens are exposed, attackers could gain unauthorized access to Sendbird services, potentially compromising user data, sending messages, or manipulating communication features. This could lead to data breaches, service abuse, or regulatory violations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Slack bot token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose and puts your Slack workspace at risk.

Impact

If attackers gain access to this token, they could control your Slack bot, impersonate it, read or send messages, or access sensitive data. This could lead to unauthorized actions within your Slack organization and potential data breaches.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A PlanetScale API token has been found hard-coded in the codebase. Storing credentials directly in source code exposes sensitive information and makes it easy for attackers to access them if the code is leaked or shared.

Impact

If an attacker obtains the hard-coded API token, they could gain unauthorized access to your PlanetScale database, potentially reading, modifying, or deleting data. This could lead to data breaches, service disruption, and severe reputational or financial damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Confluent credentials appear to be hard-coded directly in the source code. Storing secrets this way makes them easily accessible to anyone with code access and increases the risk of accidental exposure.

Impact

If attackers obtain these hard-coded credentials, they could gain unauthorized access to Confluent services, potentially leading to data breaches, service disruptions, or misuse of infrastructure. This can compromise both application security and organizational data integrity.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive credentials, such as vault service tokens, have been found hard-coded directly in the source code. Storing secrets in code makes them easily accessible to anyone with code access, increasing the risk of credential leaks.

Impact

If these hard-coded tokens are exposed, attackers could gain unauthorized access to protected services or data. This could lead to data breaches, service disruption, or further compromise of systems, potentially affecting the entire organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive private keys have been found hard-coded in the source code. Storing credentials or secrets directly in code makes them accessible to anyone with code access, increasing the risk of leaks.

Impact

If an attacker gains access to the repository, they can use these private keys to impersonate users, access protected systems, or steal sensitive data. This can lead to unauthorized access, data breaches, or compromise of critical infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code contains a hard-coded Bittrex API secret key, which exposes sensitive credentials directly in the source code. Storing secrets this way makes them easily accessible to anyone with access to the codebase.

Impact

If an attacker obtains the hard-coded secret key, they could gain unauthorized access to your Bittrex account, potentially leading to financial loss, unauthorized transactions, or data breaches. This also increases the risk of secrets being leaked if the code is shared or published.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A JSON Web Token (JWT) has been found hard-coded in the source code. Storing credentials or tokens directly in code makes them accessible to anyone with code access, increasing the risk of unauthorized use.

Impact

If attackers obtain hard-coded JWTs, they could impersonate users, gain unauthorized access to sensitive systems or data, and compromise application security. This can lead to data breaches, privilege escalation, and loss of trust for the organization.