Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
An AWS session token has been found directly in the codebase. Storing sensitive credentials like AWS tokens in code exposes them to anyone with code access, making the application insecure.
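The following is an added example, not this rule's actual pattern or code from the rule's authors: a minimal Python scanner for the condition described above, with findings redacted so the token is not copied into logs. The regex, the 100-character minimum length, and the sample input are assumptions constructed for illustration.

```python
import re

# Assumed heuristic: a session-token key assigned a long quoted literal.
TOKEN_ASSIGNMENT = re.compile(
    r"""
    \b(aws_?session_?token)\b   # key name, with or without underscores
    ["']?\s*[:=]\s*             # optional closing quote of a key, then = or :
    (["'])                      # opening quote of the value
    ([A-Za-z0-9+/=]{100,})      # long base64-style literal
    \2                          # matching closing quote
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Constructed fake value; not a real credential.
FAKE = "EXAMPLEONLY" * 12

# Constructed sample source: lines 2 and 5 hard-code the token,
# line 3 reads it from the environment, line 4 is a placeholder.
SAMPLE = "\n".join([
    "import os",
    f'aws_session_token = "{FAKE}"',
    'aws_session_token = os.environ["AWS_SESSION_TOKEN"]',
    'export AWS_SESSION_TOKEN="<your-token-here>"',
    f"settings = {{'AwsSessionToken': '{FAKE}'}}",
])


def scan(text):
    """Return (line_number, key_name, redacted_value) per hard-coded token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_ASSIGNMENT.finditer(line):
            value = m.group(3)
            # Never echo the secret into scanner output or CI logs.
            redacted = f"{value[:4]}...({len(value)} chars)"
            findings.append((lineno, m.group(1), redacted))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Line 3 of the sample is the form the scanner passes: the value is resolved at runtime from the environment rather than stored in the source.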
Impact
If attackers gain access to the exposed AWS session token, they could use it to authenticate as your application, potentially accessing, modifying, or deleting AWS resources. This could lead to data breaches, service disruption, and significant financial or reputational damage.