Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A Microsoft Outlook webhook URL has been found in the codebase, which likely exposes a secret endpoint used for automated notifications or integrations. Hardcoding such URLs can allow unauthorized access to your Outlook Team channel.
Impact#
If an attacker obtains this webhook URL, they could send unauthorized messages, spam, or malicious content directly into your Outlook Team channel, potentially leading to information leaks, disruption, or abuse of internal communications.