Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A GoCardless API token was found hard-coded in the source code. Storing sensitive credentials directly in code can expose them if the code is shared or leaked.
Impact#
If an attacker gains access to the exposed API token, they could perform unauthorized actions on your GoCardless account, such as initiating or modifying payments, leading to financial loss or data breaches.