Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Duffel API tokens were found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with access to the repository, increasing the risk of accidental leaks.
Impact#
If these tokens are exposed, attackers could gain unauthorized access to your Duffel account, potentially viewing or manipulating sensitive data, performing unauthorized transactions, or abusing your resources. This can lead to data breaches, service disruption, and financial loss.