Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive credentials, such as GitLab Personal Access Tokens, have been found hard-coded directly in the source code. Storing secrets this way exposes them to anyone with code access, increasing the risk of credential leaks.

Impact

If attackers obtain these hard-coded credentials, they can gain unauthorized access to your GitLab account or repositories, potentially leading to code theft, data modification, or further compromise of your organization’s systems.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

DigitalOcean Personal Access Tokens (PATs) have been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose and is not a secure practice.

Impact

If attackers gain access to these hard-coded tokens, they could use them to access, modify, or delete resources in your DigitalOcean account. This could lead to data breaches, service disruptions, unauthorized infrastructure changes, and potential financial loss.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Square API access token was found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of unauthorized use.

Impact

If attackers obtain the exposed access token, they could interact with your Square account, potentially making unauthorized transactions, accessing sensitive data, or causing financial loss. This could lead to account compromise, data breaches, and reputational damage to your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Mailchimp API key was found hard-coded in the source code. Storing credentials directly in code can expose sensitive information if the code is shared or leaked.

Impact

If an attacker obtains the hard-coded API key, they could access your Mailchimp account, view or modify mailing lists, send unauthorized emails, or steal sensitive user data, potentially leading to data breaches or unauthorized account usage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

GitHub OAuth tokens were found hard-coded in the source code. Storing sensitive credentials directly in code makes them easy to accidentally share or expose, increasing the risk of unauthorized access.

Impact

If attackers obtain these tokens, they can access your GitHub repositories, modify code, steal intellectual property, or escalate to other systems, potentially resulting in data breaches, service disruptions, or further compromise of your organization’s assets.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Dynatrace API token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally leak, especially if the repository is shared or made public.

Impact

If an attacker obtains this token, they could gain unauthorized access to your Dynatrace account, potentially exposing sensitive monitoring data or modifying monitoring configurations. This could lead to data breaches, service disruptions, or unauthorized changes to your infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Stripe access token has been found hard-coded in the source code. Storing sensitive credentials like API keys directly in code makes them vulnerable to accidental exposure and unauthorized access.

Impact

If attackers obtain this access token, they could make unauthorized transactions, view or manipulate customer data, or abuse your Stripe account, leading to potential financial loss, data breaches, and reputational damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Postman API token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally leak, especially if the repository is shared or made public.

Impact

If exposed, attackers could use the leaked Postman API token to access your Postman account, view or modify APIs, and potentially compromise sensitive data or development environments. This can lead to data theft, service disruption, or abuse of your infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A RubyGems API token has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose, leading to unauthorized access if the code is shared or leaked.

Impact

If attackers obtain this token, they could access or modify your RubyGems account, potentially publishing malicious packages or tampering with your gems. This can compromise your application’s integrity and damage your organization’s reputation.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

MessageBird client IDs appear to be hard-coded directly in the source code. Storing credentials in code makes them easily accessible to anyone with code access and increases the risk of accidental exposure.

Impact

If attackers obtain these credentials, they could gain unauthorized access to your MessageBird account, potentially sending messages, incurring costs, or exposing sensitive communications. This can lead to service abuse, data breaches, and financial or reputational damage.