Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Sensitive credentials, such as passwords, are hard-coded directly into the source code. This exposes secrets to anyone with code access and increases the risk of accidental leaks through version control or code sharing.
Impact#
If attackers gain access to the source code, they can easily extract hard-coded credentials, allowing unauthorized access to critical systems or data. This can lead to data breaches, service disruption, or further compromise of infrastructure.