Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A Doppler API token was found hard-coded in the source code. Storing sensitive credentials like API tokens directly in code can expose them to anyone with code access, posing a security risk.
Impact#
If an attacker obtains this token, they could access or manipulate your Doppler secrets, potentially leading to unauthorized access, data breaches, or compromise of other connected systems. This can result in loss of sensitive data and damage to organizational security.