Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
An OpenAI API key has been found hard-coded in the source code. Storing sensitive credentials in code exposes them to anyone with code access, increasing the risk of unauthorized use.
Impact#
If an attacker obtains the exposed API key, they could make unauthorized requests to the OpenAI API, potentially incurring unexpected costs, accessing sensitive data, or abusing your account. This could lead to financial loss, data breaches, or service disruption for your organization.