Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A GitHub refresh token appears to be hard-coded directly in the source code. Storing credentials in code exposes them to anyone with access to the repository, increasing the risk of secret leakage.
Impact#
If this token is exposed, attackers could use it to access or manipulate your GitHub account or repositories, potentially leading to data theft, code tampering, or unauthorized access to sensitive resources.