Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | generic |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
Usernames and passwords are being included directly in URIs within the code. This exposes sensitive credentials in plain text, making them easily accessible to anyone who can view the code, logs, or network traffic.
Impact#
If exploited, attackers could steal these hard-coded credentials to gain unauthorized access to databases, servers, or other services, potentially leading to data breaches, service disruption, or further compromise of your systems.