Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Sensitive credentials (such as client secrets) have been hard-coded directly into the source code. Storing secrets this way exposes them to anyone with code access, increasing the risk of accidental or malicious leaks.
Impact#
If exposed, attackers could use these credentials to impersonate users, access protected APIs, or compromise systems, leading to data breaches, unauthorized actions, and potential loss of trust or compliance violations.