Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Your code or configuration contains a Google OAuth client ID, which should not be exposed in public repositories or codebases. Exposing this information can make it easier for attackers to target your OAuth integration.
Impact#
If attackers discover your Google OAuth client ID, they could attempt phishing or abuse authentication flows, potentially leading to unauthorized access or compromising user accounts. This can result in data leaks or damage to user trust in your application.