Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive credentials (such as client secrets) have been hard-coded directly into the source code. Storing secrets this way exposes them to anyone with code access, increasing the risk of accidental or malicious leaks.

Impact

If exposed, attackers could use these credentials to impersonate users, access protected APIs, or compromise systems, leading to data breaches, unauthorized actions, and potential loss of trust or compliance violations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code contains a hard-coded New Relic User API ID, which exposes sensitive credentials directly in the source code. Storing secrets this way makes them vulnerable to accidental leaks and unauthorized access.

Impact

If an attacker gains access to the hard-coded API ID, they could use it to access or manipulate your New Relic account, potentially viewing sensitive monitoring data or disrupting application monitoring. This may also lead to compliance violations and increased risk if the code is shared or committed to public repositories.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

An Airtable API key was found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose, especially if the repository is shared or made public.

Impact

If an attacker obtains this API key, they could access, modify, or delete data in your Airtable account. This can lead to data breaches, loss of sensitive information, and unauthorized actions within your organization’s Airtable workspaces.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive credentials, such as API keys or secrets, have been found directly in the source code. Storing credentials in code makes them easily accessible to anyone with code access, including attackers.

Impact

If these hard-coded secrets are leaked (e.g., through a public repository), attackers could gain unauthorized access to services or data, potentially leading to data breaches, service abuse, or financial loss for the organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

An EasyPost test API token has been found hard-coded in your source code. Storing credentials directly in code makes them visible to anyone with access to the repository.

Impact

If exposed, these credentials could allow unauthorized users to interact with your EasyPost account, potentially leading to misuse of services, data leaks, or fraudulent activity. This increases the risk of account compromise and may violate security policies or compliance requirements.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Hard-coded Mattermost access tokens were detected in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access and risks accidental exposure.

Impact

If these tokens are leaked or committed, attackers could gain unauthorized access to your Mattermost instance, potentially reading or modifying messages, accessing sensitive data, or impersonating users. This can lead to data breaches and compromise the security of your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Flutterwave encryption keys have been found directly in the source code. Storing credentials like API keys in code makes them easily accessible to anyone with code access, increasing the risk of exposure.

Impact

If attackers obtain these hard-coded keys, they could perform unauthorized transactions, access sensitive payment data, or impersonate your application on Flutterwave. This can lead to financial loss, data breaches, and reputational damage for your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

An Algolia API key has been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with access to the repository, increasing the risk of secret leaks.

Impact

If an attacker obtains this API key, they could access or manipulate your Algolia search data, potentially leading to unauthorized data exposure, service abuse, or increased costs. This could compromise user privacy and the integrity of your application.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Finicity API token was found hard-coded in the source code. Storing credentials directly in code exposes sensitive information and makes it easy for attackers to access these secrets if the code is leaked or shared.

Impact

If an attacker obtains a hard-coded Finicity API token, they could gain unauthorized access to financial data or services, leading to potential data breaches, fraud, and significant reputational or financial damage to your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Yandex access token has been found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with repository access, increasing the risk of secret leaks.

Impact

If exposed, attackers can use the hard-coded Yandex access token to gain unauthorized access to sensitive Yandex services or data. This could lead to data breaches, service misuse, or financial loss for the organization.