Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A GitHub Personal Access Token (PAT) has been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with code access, increasing the risk of unauthorized access.

Impact

If the token is leaked, attackers could use it to access your GitHub account or repositories, potentially leading to code theft, data loss, or malicious changes. This can compromise both your project’s security and the organization’s integrity.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

An Intercom API key has been found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of leaks.

Impact

If exposed, attackers could use the API key to access or manipulate your Intercom account, potentially leading to data breaches, unauthorized actions, or abuse of your organization’s resources. This can result in loss of sensitive customer information and reputational damage.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Grafana Cloud API token appears to be hard-coded directly in the source code. Storing credentials in code makes them easy to accidentally expose, especially if the code is shared or published.

Impact

If an attacker gains access to this token, they could potentially access or manipulate your Grafana Cloud resources, leading to data breaches, unauthorized changes, or service disruptions. This could compromise sensitive monitoring data and impact system integrity.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Shippo API tokens have been found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with code access, increasing the risk of secret leaks.

Impact

If attackers obtain these hard-coded API tokens, they can access or manipulate your Shippo account, potentially resulting in unauthorized shipments, data exposure, or financial loss. This also increases the risk of account takeover and service abuse if the code is shared or made public.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Travis CI access token appears to be hard-coded in the source code. Storing credentials directly in code exposes them to anyone with repository access and increases the risk of accidental leaks.

Impact

If an attacker obtains this token, they could access your Travis CI account, modify build configurations, access sensitive environment variables, or trigger builds. This could lead to unauthorized access, data leaks, or compromise of related systems.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The gitleaks rule cloudflare-global-api-key, which attempts to identify hard-coded credentials, produced a match. Storing credentials in source code is not recommended, as it risks secrets being leaked and used by an internal or external malicious adversary. Instead, use environment variables to provide credentials securely, or retrieve them from a secure vault or HSM (Hardware Security Module).

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Zendesk API secret keys were found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose in version control or shared codebases.

Impact

If an attacker obtains these hard-coded Zendesk credentials, they could gain unauthorized access to your Zendesk account, potentially reading or modifying customer data, sending requests on your behalf, or disrupting support operations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code contains a FreshBooks access token hard-coded directly in the source. Storing credentials in code makes them easy to accidentally expose and risks unauthorized access.

Impact

If attackers obtain this token, they could gain access to sensitive FreshBooks data or services, potentially leading to data breaches, financial loss, or unauthorized actions on behalf of your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Contentful Delivery API tokens have been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose and puts confidential access at risk.

Impact

If these tokens are leaked, attackers could gain unauthorized access to your Contentful data, potentially reading, modifying, or deleting content. This can lead to data breaches, loss of control over your content, and reputational or regulatory consequences.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A New Relic User API key has been found hard-coded in the source code. Storing credentials directly in code can expose them to anyone with access to the repository, increasing the risk of unauthorized access.

Impact

If this API key is leaked, attackers could access sensitive application performance data or manipulate New Relic services, potentially leading to data breaches, service disruption, or unexpected costs for your organization.