Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Slack legacy bot tokens are hard-coded directly into the source code, exposing sensitive credentials. Storing secrets in code makes them easily accessible to anyone with code access, increasing the risk of leaks.
Impact#
If attackers obtain these hard-coded Slack bot tokens, they can gain unauthorized access to your Slack workspace, send messages, read private channels, or impersonate bots. This can lead to data breaches, unauthorized actions, and compromised internal communications.