Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Slack legacy token is hard-coded in the source code, which exposes sensitive credentials directly within the repository. Storing secrets like API tokens in code makes them accessible to anyone with code access, risking accidental leaks.

Impact

If an attacker obtains this token, they could gain unauthorized access to your Slack workspace, read or send messages, and access sensitive information. This could lead to data breaches, loss of confidentiality, and potential abuse of your organization’s communication channels.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

GitLab Personal Access Tokens (PATs) are hard-coded in the source code. Storing sensitive credentials directly in code exposes them to anyone with code access, increasing the risk of accidental leaks.

Impact

If attackers obtain a hard-coded GitLab PAT, they can access your GitLab account or repositories, potentially leading to source code theft, unauthorized changes, or exposure of confidential data. This could compromise your organization’s security and integrity.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A SendGrid API token was found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally share or expose, increasing the risk of unauthorized access.

Impact

If this token is leaked, attackers could use it to send emails or access sensitive functionality on behalf of your organization, potentially leading to spam, phishing, data leaks, or service abuse. This could result in reputational damage, account compromise, or unexpected costs.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Twitter access tokens have been found hard-coded in the source code. Storing sensitive credentials like API tokens directly in code can expose them to unauthorized users if the code is shared or leaked.

Impact

If attackers gain access to these tokens, they could potentially control your Twitter account, post unauthorized tweets, access private data, or abuse the account for malicious activities, leading to reputational damage and possible compliance violations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Hard-coded Yandex AWS access tokens were found in the source code. Storing credentials directly in code makes them easy to accidentally expose in version control or code sharing.

Impact

If attackers obtain these hard-coded tokens, they could gain unauthorized access to your Yandex AWS resources, potentially leading to data breaches, resource manipulation, or service disruption. This can compromise sensitive information and put your infrastructure at risk.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Finnhub API access tokens have been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose in version control or shared codebases, putting sensitive information at risk.

Impact

If attackers obtain a hard-coded Finnhub access token, they could make unauthorized API requests, access or manipulate sensitive financial data, or incur unexpected costs. This could lead to data breaches, financial losses, or compromise of business operations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Confluent access tokens are hard-coded directly into the source code. Storing credentials this way makes them easy to discover and exposes sensitive information to anyone with code access.

Impact

If attackers obtain these hard-coded tokens, they could gain unauthorized access to Confluent services, potentially leading to data breaches, service disruptions, or misuse of your infrastructure. This risk increases if the code repository is publicly accessible or shared widely.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Twitter API keys have been found directly in the source code. Storing credentials in code exposes them to anyone with access to the repository, increasing the risk of accidental leaks.

Impact

If attackers gain access to these hard-coded Twitter API keys, they could impersonate your application, access or modify Twitter data, or abuse your account for malicious purposes. This can lead to unauthorized data access, reputation damage, and potential account suspension.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Twitter API secret credentials have been found hard-coded directly in the source code. Storing secrets in code makes them easily accessible to anyone with code access, risking accidental or malicious disclosure.

Impact

If leaked, attackers could use these credentials to access your Twitter account or perform unauthorized actions via the Twitter API, potentially leading to data breaches, account takeover, or abuse of your organization’s social media presence.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Telegram Bot API token has been found hard-coded in the source code. Storing sensitive credentials like API tokens directly in code makes them easy to accidentally expose, especially in public or shared repositories.

Impact

If someone obtains the hard-coded Telegram Bot token, they could control your bot, send messages, impersonate your service, or access private information, potentially leading to data leaks, spam, or abuse of your Telegram account.