Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Sensitive Flutterwave encryption keys have been found directly in the source code. Storing credentials like API keys in code makes them easily accessible to anyone with code access, increasing the risk of exposure.
Impact#
If attackers obtain these hard-coded keys, they could perform unauthorized transactions, access sensitive payment data, or impersonate your application on Flutterwave. This can lead to financial loss, data breaches, and reputational damage for your organization.