Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Gitter access token appears to be hard-coded directly in the source code. Storing credentials in code makes them easy to leak and exposes them to anyone with access to the repository.
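An added example, not the rule's own pattern or code from any project: a minimal regex scan for the kind of finding described above, which redacts the value it reports and marks obvious placeholders, one reason a match of this kind carries low confidence. The token shape (40 characters of `[a-z0-9_-]` assigned near the word "gitter"), the function names and the sample lines are assumptions made for this example.

```python
import re

# Assumed shape for this example: the word "gitter" near an assignment of a
# 40-character [a-z0-9_-] value. Simplified; not the rule's own pattern.
PATTERN = re.compile(
    r"""(?i)gitter[\w.\- ]{0,20}?\s*(?:=>|:=|=|:)\s*['"]?([a-z0-9_-]{40})(?![a-z0-9_-])"""
)


def looks_like_placeholder(value: str) -> bool:
    """Very few distinct characters usually means a dummy such as 'xxxx...'."""
    return len(set(value.lower())) < 6


def scan(text: str) -> list[dict]:
    """Return one finding per matching line, with the secret redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = PATTERN.search(line)
        if not m:
            continue
        token = m.group(1)
        findings.append({
            "line": lineno,
            # Never echo the full value into logs or CI output.
            "redacted": token[:4] + "*" * (len(token) - 4),
            "likely_placeholder": looks_like_placeholder(token),
        })
    return findings


# Constructed sample input; the token value is made up for this example.
FAKE_TOKEN = "3f9a1c07be52d84e6a0b7c915d2e48f3a6b0c1d7"
SAMPLE = "\n".join([
    "import os",
    'GITTER_TOKEN = "' + FAKE_TOKEN + '"',         # hard-coded: flagged
    'gitter_token = os.environ["GITTER_TOKEN"]',   # read at runtime: not flagged
    'gitter_api_key: "' + "x" * 40 + '"',          # placeholder: flagged, marked
    'room = "gitter/community"',                   # keyword only: not flagged
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The third sample line shows the form that does not trigger the scan: the token is read from the environment at runtime instead of being stored in the source.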
Impact
If this token is exposed, attackers could gain unauthorized access to your Gitter account or services, potentially allowing them to read or send messages, access sensitive data, or impersonate your application. This could lead to data breaches or abuse of your organization’s resources.