Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Bitbucket client secret has been found hard-coded in the source code. Storing sensitive credentials directly in code exposes them to anyone with access to the repository, making them vulnerable to leaks.

Impact

If exposed, attackers could use the leaked Bitbucket client secret to gain unauthorized access to Bitbucket APIs or services, potentially leading to code theft, manipulation, or further compromise of your development infrastructure.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

AWS access tokens are hard-coded directly in the source code. Storing credentials this way makes it easy for anyone with code access to retrieve sensitive secrets.

Impact

If exposed, attackers could use these credentials to access your AWS resources, potentially leading to data breaches, unauthorized infrastructure changes, or financial loss through resource misuse.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Shopify access token has been found hard-coded in the source code. Storing credentials in code makes them visible to anyone with access to the repository, increasing the risk of accidental leaks.

Impact

If an attacker gains access to the exposed token, they could interact with your Shopify store’s APIs, potentially viewing, modifying, or deleting sensitive store data. This could lead to unauthorized transactions, data breaches, or disruption of business operations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Lob API key was found hard-coded in the source code. Storing credentials directly in code exposes sensitive secrets and makes them easy to leak or misuse.

Impact

If attackers gain access to this API key, they could make unauthorized requests to Lob services, potentially incurring costs, accessing private data, or disrupting business operations. Hard-coded credentials are also difficult to rotate and manage securely.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Alibaba Cloud credentials appear to be hard-coded directly in the source code. Storing secrets in code makes them easy to accidentally expose through version control or sharing.

Impact

If attackers obtain these credentials, they can access your Alibaba Cloud resources, potentially leading to data breaches, unauthorized resource usage, or financial loss. This exposure puts both your application’s security and your organization’s assets at risk.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Hard-coded credentials have been found in the source code. Storing sensitive information like passwords, API keys, or tokens directly in code can expose them to anyone with access to the repository.

Impact

If attackers gain access to the hard-coded credentials, they could use them to access internal systems, compromise data, or escalate privileges. This puts both the application’s security and sensitive data at risk, potentially leading to unauthorized access or data breaches.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Discord client secret (API credential) is hard-coded directly in the source code. Storing credentials in code makes them easy to accidentally expose in version control or public repositories.

Impact

If the secret is leaked, attackers can access your Discord application as if they were you, potentially resulting in data theft, message spoofing, or abuse of your Discord bot. This can lead to compromised accounts, reputation damage, or unauthorized actions within Discord.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The gitleaks dropbox-short-lived-api-token rule, which attempts to identify hard-coded credentials, detected a match in the source code. Storing credentials in source code is not recommended, as it risks secrets being leaked and used by an internal or external malicious adversary. Instead, use environment variables to provide credentials securely, or retrieve them from a secure vault or HSM (Hardware Security Module).

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Squarespace access token appears to be hard-coded in the source code. Storing sensitive credentials directly in code exposes them to anyone with access to the repository, increasing the risk of unauthorized use.

Impact

If exposed, attackers could use the access token to gain unauthorized access to Squarespace resources or accounts, potentially leading to data leaks, website defacement, or other malicious actions. This can compromise both user data and business operations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive Facebook credentials appear to be hard-coded directly in the source code. Storing secrets like API keys or tokens this way can expose them to anyone with code access, including through public repositories.

Impact

If attackers obtain these credentials, they could access or control your Facebook integrations, steal data, impersonate your application, or abuse your account for malicious purposes. This could lead to data breaches, account compromise, or reputational damage.