Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Sensitive Snyk API tokens are hard-coded directly into the source code. Storing credentials this way exposes them to anyone with access to the code repository, making it easy for secrets to be accidentally leaked.

Impact

If an attacker obtains the exposed Snyk API token, they could access your Snyk account, view or modify vulnerability data, or abuse your security scanning resources, potentially leading to compromised project security and unauthorized use of your services.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Sensitive Flutterwave secret keys have been found hard-coded in the source code. Storing credentials directly in code makes them easy to leak and exposes them to anyone with code access.

Impact

If attackers obtain these secret keys, they could access or manipulate your Flutterwave payment services, potentially leading to fraudulent transactions, data breaches, or financial losses for your organization.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A Heroku API key appears to be hard-coded directly in the source code. Storing sensitive credentials in code exposes them to anyone with repository access and increases the risk of accidental leaks.

Impact

If an attacker obtains this API key, they could gain unauthorized access to your Heroku account, modify or delete apps, access sensitive data, or incur costs. This can lead to service disruption, data breaches, and potential financial and reputational damage.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Sensitive Sendinblue API tokens were found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose through version control or code sharing.

Impact

If these API tokens are leaked, attackers could gain unauthorized access to your Sendinblue account, allowing them to send emails, access contact lists, or abuse your email infrastructure. This could lead to data breaches, spam, or reputational and financial damage.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Sensitive Plaid API secret keys have been found hard-coded directly in the source code. Storing credentials in code exposes them to anyone with access to the repository, increasing the risk of unauthorized access.

Impact

If attackers obtain the hard-coded Plaid secret key, they could access financial data or perform unauthorized actions on behalf of your application. This could lead to data breaches, financial fraud, and compromise of user privacy, potentially resulting in regulatory and reputational damage.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

A LaunchDarkly access token was found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with code access, increasing the risk of unauthorized use.

Impact

If this token is leaked, attackers could gain access to your LaunchDarkly account, potentially changing feature flags, accessing sensitive project data, or disrupting application behavior. This can lead to security breaches, data loss, or service disruptions.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Hard-coded Sendbird access credentials were found in the source code. Storing secrets directly in code makes them easy to discover and misuse if the codebase is leaked or shared.

Impact

If attackers obtain these hard-coded credentials, they could gain unauthorized access to Sendbird services, potentially exposing user data, enabling impersonation, or disrupting communication features. This can lead to data breaches, service abuse, and regulatory violations.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Hard-coded Asana client secrets have been found in the source code. Storing credentials directly in code makes them easy to extract, exposing sensitive data and access to unauthorized parties.

Impact

If attackers gain access to the client secret, they could impersonate your application, access Asana APIs, or manipulate project data. This can lead to data breaches, unauthorized changes, and compromise of your organization’s Asana resources.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

An Okta access token was found hard-coded in the source code. Storing credentials directly in code exposes sensitive information to anyone with code access and increases the risk of accidental leaks.

Impact

If attackers obtain this token, they could gain unauthorized access to Okta-protected resources or user accounts, leading to data breaches, privilege escalation, or compromise of organizational systems.

Use of Hard-coded Credentials

Property
Languageregex
Severitylow
CWECWE-798: Use of Hard-coded Credentials
OWASPA07:2021 - Identification and Authentication Failures
Confidence LevelLow
Impact LevelMedium
Likelihood LevelLow

Description

Alibaba Access Key IDs are hard-coded directly into the source code, exposing sensitive credentials. Storing secrets this way makes it easy for attackers to find and misuse them if the code is shared or leaked.

Impact

If an attacker obtains these hard-coded credentials, they could gain unauthorized access to Alibaba Cloud resources, potentially leading to data breaches, service disruptions, or financial loss for the organization.