Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code contains a hard-coded Finicity client secret, meaning sensitive credentials are written directly into the source code. This practice makes it easy for unauthorized users to access these secrets if the code is shared or leaked.
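The following sketch is an added example, not the rule's own pattern or code from the original page. It flags a quoted literal assigned to a Finicity-named identifier in constructed sample source and shows the secret being loaded from the environment instead. The simplified regex, the 20-character minimum, the sample values, and the `FINICITY_CLIENT_SECRET` variable name are all assumptions made for illustration.

```python
import os
import re

# Simplified illustration, NOT the rule's actual pattern: an identifier
# containing "finicity" assigned a quoted literal of 20 or more
# alphanumerics (the length threshold is an assumption).
HARDCODED = re.compile(
    r"""(?i)\b(\w*finicity\w*)\s*[:=]\s*["']([a-z0-9]{20,})["']"""
)

# Constructed sample source; every value here is a made-up placeholder.
SAMPLE = '''\
FINICITY_PARTNER_ID = "1234567890"
FINICITY_CLIENT_SECRET = "abcdefghij0123456789"
finicity_client_secret = os.environ["FINICITY_CLIENT_SECRET"]
'''


def find_hardcoded(source):
    """Return (line_number, identifier) per finding; the secret is never echoed."""
    hits = []
    for number, line in enumerate(source.splitlines(), 1):
        match = HARDCODED.search(line)
        if match:
            hits.append((number, match.group(1)))
    return hits


def load_client_secret(env=os.environ):
    """Remediation: read the secret from the environment and fail closed."""
    # FINICITY_CLIENT_SECRET is a hypothetical variable name.
    secret = env.get("FINICITY_CLIENT_SECRET")
    if not secret:
        raise RuntimeError("FINICITY_CLIENT_SECRET is not set")
    return secret


if __name__ == "__main__":
    for number, identifier in find_hardcoded(SAMPLE):
        print(f"line {number}: hard-coded value assigned to {identifier}")
```

Only the second sample line is reported: the short partner ID falls below the length threshold, and the third line reads the value from the environment rather than embedding it.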
Impact
If an attacker obtains the hard-coded client secret, they could access Finicity APIs or services as your application, potentially exposing sensitive financial data or enabling fraudulent transactions. This can lead to data breaches, financial loss, and regulatory violations.