Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
An EasyPost test API token has been found hard-coded in your source code. Storing credentials directly in code makes them visible to anyone with access to the repository.
Impact#
If exposed, these credentials could allow unauthorized users to interact with your EasyPost account, potentially leading to misuse of services, data leaks, or fraudulent activity. This increases the risk of account compromise and may violate security policies or compliance requirements.