Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A HashiCorp Terraform API token appears to be hard-coded directly into the source code. Storing credentials in code exposes them to anyone with access to the repository, increasing the risk of secret leaks.
Impact#
If an attacker gains access to this token, they could interact with your Terraform resources, potentially altering infrastructure, accessing sensitive data, or causing service disruptions. This could lead to unauthorized changes, data breaches, and significant security incidents for your organization.