Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Frame.io API token has been found hard-coded in the source code. Storing credentials directly in code exposes them to anyone with code access, increasing the risk of unauthorized use.

Impact

If this token is leaked, attackers could gain access to your Frame.io account, potentially viewing, modifying, or deleting sensitive media and project data. This can lead to data breaches, service disruptions, and reputational harm to your organization.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Discord client ID was found hard-coded in the source code. Storing credentials or sensitive identifiers directly in code increases the risk of accidental exposure and unauthorized access.

Impact

If this information is leaked, attackers could use it to impersonate your application or target your Discord integration. This could lead to abuse of your Discord bot or service, data leaks, or further compromise of your application’s security.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A Hugging Face organization API token was found hard-coded in the source code. Storing sensitive credentials directly in code exposes them to anyone with code access, increasing the risk of leaks.

Impact

If exposed, attackers could use this API token to access, modify, or delete resources in your Hugging Face organization. This could lead to data breaches, unauthorized changes, or loss of intellectual property, potentially impacting your organization’s security and reputation.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A New Relic Insert Key has been found hard-coded in the source code. Storing sensitive credentials directly in code makes it easy for them to be accidentally exposed or accessed by unauthorized users.

Impact

If this key is leaked, attackers could send fake or malicious data to your New Relic account, potentially corrupting monitoring data or incurring unexpected costs. This may also lead to broader compromise if attackers leverage the key to gain further insights into your infrastructure or operations.

Use of Hard-coded Credentials

Property
Language: regex
Severity: low
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A HubSpot API key has been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose in version control or shared repositories.

Impact

If this API key is leaked, attackers could gain unauthorized access to your HubSpot account, potentially viewing, modifying, or deleting sensitive marketing and customer data. This could lead to data breaches, account compromise, and reputational damage.

Use of Hard-coded Credentials

Property
Language: go
Severity: high
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

The code uses a hard-coded key or secret for signing JWT tokens, embedding sensitive information directly in the source code. This exposes credentials to anyone with code access, increasing the risk of leaks.

Impact

If an attacker gains access to the hard-coded key, they could forge or tamper with JWT tokens, bypass authentication, or gain unauthorized access to protected resources. This can lead to data breaches, privilege escalation, and compromise of user accounts or application integrity.

Use of Hard-coded Credentials

Property
Language: kotlin
Severity: medium
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Medium
Impact Level: High
Likelihood Level: Low

Description

The code stores a password or secret value directly in the build.gradle.kts file. Hard-coding sensitive information in source code makes it easy for attackers or unauthorized users to access these secrets if the code is exposed.

Impact

If an attacker obtains the source code—through a code leak, repository compromise, or insider threat—they can extract hard-coded passwords and use them to gain unauthorized access to systems or data. This can lead to data breaches, service disruption, or further compromise of your infrastructure.

Use of Hard-coded Credentials

Property
Language: java
Severity: medium
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: High
Impact Level: Medium
Likelihood Level: Low

Description

The code stores a JWT secret key directly in the source code as a hard-coded string. This exposes sensitive credentials and makes it easy for attackers to find and misuse them if the code is leaked or shared.

Impact

If an attacker gains access to the hard-coded secret, they can forge or manipulate JWT tokens, potentially bypassing authentication and gaining unauthorized access to protected resources. This can lead to data breaches, privilege escalation, and compromise of the entire application.

Use of Hard-coded Credentials

Property
Language: javascript
Severity: high
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: High
Impact Level: Medium
Likelihood Level: High

Description

Sensitive credentials like clientSecret, secretOrKey, or consumerSecret are hard-coded directly in the source code. Storing secrets this way makes them easy to accidentally expose, for example through version control or code sharing.

Impact

If an attacker gains access to these hard-coded credentials, they can impersonate your application, access protected resources, or compromise user accounts. This can lead to data breaches, unauthorized access, and loss of trust in your application.

Use of Hard-coded Credentials

Property
Language: javascript
Severity: high
CWE: CWE-798: Use of Hard-coded Credentials
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: High
Impact Level: Medium
Likelihood Level: High

Description

The code uses a hard-coded secret or key when creating or verifying JWTs. Storing secrets directly in source code makes them easy to discover, exposing them to anyone with code access.

Impact

If an attacker obtains the hard-coded secret, they could forge or tamper with JWT tokens, potentially gaining unauthorized access, impersonating users, or escalating privileges within your application.