Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A Lob public API key has been found hard-coded in the source code. Storing API keys or credentials in code exposes them to anyone with code access, increasing the risk of accidental leaks.
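A sketch of the kind of check this finding describes, next to the remediated way of loading the key (an added example, not this rule's own pattern or code). The key shape (`test_pub_` or `live_pub_` followed by 31 hex characters), the environment variable name `LOB_PUBLISHABLE_KEY` and all function names are assumptions, and the key in the sample is constructed.

```python
import os
import re

# Assumed key shape: "test_pub_" or "live_pub_" followed by 31 hex characters.
LOB_PUB_KEY = re.compile(r"\b(?:test|live)_pub_[a-f0-9]{31}\b")

# Constructed sample source; the key below is a made-up value, not a real credential.
SAMPLE_SOURCE = '''\
import os
LOB_KEY = "test_pub_0123456789abcdef0123456789abcde"
lob_key = os.environ["LOB_PUBLISHABLE_KEY"]
# docs placeholder: test_pub_xxx
'''


def redact(key):
    """Keep the prefix and last 4 characters so a finding can be triaged without re-leaking the key."""
    prefix = key[: key.index("_pub_") + len("_pub_")]
    return prefix + "*" * (len(key) - len(prefix) - 4) + key[-4:]


def find_hardcoded_lob_keys(source):
    """Return (line_number, redacted_key) for every key-shaped literal in the source text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in LOB_PUB_KEY.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


def load_lob_key(env=os.environ, name="LOB_PUBLISHABLE_KEY"):
    """Remediated form: read the key from the environment and fail closed if it is absent."""
    key = env.get(name, "")
    if not LOB_PUB_KEY.fullmatch(key):
        raise RuntimeError(f"{name} is missing or not key-shaped")
    return key


if __name__ == "__main__":
    for lineno, key in find_hardcoded_lob_keys(SAMPLE_SOURCE):
        print(f"line {lineno}: hard-coded Lob key {key}")
```

Only the literal on line 2 of the sample is reported; the environment lookup and the short documentation placeholder are not key-shaped and do not match.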
Impact
If this key is exposed, attackers could use it to interact with the Lob API on your behalf, potentially sending unauthorized requests, consuming resources, or accessing sensitive data. This can lead to service abuse, financial loss, or data compromise.