Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Sensitive Linux shadow file content, which stores hashed user passwords, has been detected in your codebase. Including this file exposes confidential authentication data and should never be committed to source control.
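The following is an added example, not this rule's actual pattern or the scanner's own code: a sketch of how shadow(5)-formatted lines can be recognised in repository text, using the nine colon-separated fields and a crypt(3)-style `$id$...` hash in the second field. The regex, the `find_shadow_entries` helper, the scheme table and the sample text are all assumptions constructed for illustration.

```python
import re

# shadow(5) line: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Only entries whose second field holds a crypt(3) hash ($id$...) are flagged.
# A leading "!" (locked account) is allowed because the hash is still present.
# Bare "*", "!" or "!!" carry no hash and are ignored.
SHADOW_LINE = re.compile(
    r"^(?P<user>[a-z_][a-z0-9_-]*\$?):"
    r"!{0,2}(?P<hash>\$(?P<id>[0-9a-z]+)\$[./A-Za-z0-9$=,+-]+):"
    r"(?:\d*:){6}[^:\n]*$",
    re.MULTILINE,
)

# Common crypt(3) scheme identifiers (illustrative, not exhaustive).
SCHEMES = {
    "1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
    "y": "yescrypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
}

def find_shadow_entries(text):
    """Return one finding per hashed entry, without echoing the hash itself."""
    findings = []
    for m in SHADOW_LINE.finditer(text):
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "user": m["user"],
            "scheme": SCHEMES.get(m["id"], "unknown"),
        })
    return findings

# Constructed sample input; the hashes are placeholders, not real credentials.
SAMPLE = """\
# constructed sample
root:$6$examplesalt$ZXhhbXBsZWhhc2hleGFtcGxlaGFzaA:19000:0:99999:7:::
daemon:*:18900:0:99999:7:::
deploy:!$y$j9T$examplesalt$ZXhhbXBsZWhhc2g:19500:0:99999:7:::
nobody:!!:18900:0:99999:7:::
cache:$6$notshadow:5432
"""

if __name__ == "__main__":
    for finding in find_shadow_entries(SAMPLE):
        print(finding)
```

Reporting only the line number, account name and hash scheme keeps the hash out of scan output and CI logs.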
Impact
If attackers gain access to the shadow file, they can attempt to crack user passwords, potentially leading to full system compromise. This can result in unauthorized access, data breaches, and loss of trust in your application’s security.