Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A hard-coded EasyPost API token was found in the codebase. Storing credentials directly in source code makes them easy to accidentally leak and exposes sensitive access to anyone with code access.
Impact#
If exposed, attackers could use the leaked EasyPost API token to access, modify, or abuse your shipping and logistics services, potentially resulting in unauthorized transactions, data breaches, or financial loss for your organization.