Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
An Artifactory token appears to be present directly in the codebase. Storing authentication tokens in source code exposes sensitive credentials to anyone with code access, including version control history.
Impact
If an attacker obtains this token, they could gain unauthorized access to your Artifactory repositories, potentially allowing them to read, modify, or delete artifacts. This could lead to code theft, tampering with build artifacts, or disruption of your software supply chain.
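The following is an added example, not this rule's own implementation: a minimal scanner that flags candidate Artifactory API keys in source text and reports their location with the value redacted. The `AKC` prefix pattern is an assumption taken from common open-source secret scanners and may differ from the regex this rule uses; the key and file content are constructed samples.

```python
import re

# Assumption: Artifactory API keys begin with "AKC" followed by alphanumerics.
# This mirrors the prefix pattern used by common open-source secret scanners;
# it is not necessarily the pattern behind this rule.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9])AKC[A-Za-z0-9]{10,}(?![A-Za-z0-9])")


def redact(token):
    """Keep only the prefix so the finding itself does not leak the secret."""
    return token[:4] + "*" * (len(token) - 4)


def scan(path, text):
    """Return one finding per candidate token, with 1-based line and column."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in CANDIDATE.finditer(line):
            findings.append({
                "path": path,
                "line": lineno,
                "column": match.start() + 1,
                "redacted": redact(match.group()),
            })
    return findings


# Constructed sample: a fake key (not a real credential) hard-coded on line 2,
# and the same setting read from the environment on line 3.
FAKE_KEY = "AKCp" + "0CONSTRUCTED1SAMPLE2VALUE3"
SAMPLE = (
    "import os\n"
    f'ARTIFACTORY_TOKEN = "{FAKE_KEY}"  # hard-coded: flagged\n'
    'ARTIFACTORY_TOKEN = os.environ["ARTIFACTORY_TOKEN"]  # injected at runtime\n'
)

if __name__ == "__main__":
    for finding in scan("deploy.py", SAMPLE):
        print("{path}:{line}:{column} possible Artifactory token {redacted}".format(**finding))
```

Because a token committed once remains in version control history, a finding on the current tree should be followed by revoking the token, not only deleting the line.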