Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description#
An AWS Secret Access Key appears to be hard-coded directly into the codebase. Storing sensitive credentials in code exposes them to anyone with access to the repository, making them easy to leak or misuse.
Impact#
If attackers obtain this key, they can gain full access to your AWS resources, potentially leading to data theft, service disruption, financial loss, and unauthorized changes to your cloud infrastructure. This can severely compromise both security and business operations.