Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A Yandex access token has been found hard-coded in the source code. Storing credentials directly in code makes them easily accessible to anyone with repository access, increasing the risk of secret leaks.
Impact#
If exposed, attackers can use the hard-coded Yandex access token to gain unauthorized access to sensitive Yandex services or data. This could lead to data breaches, service misuse, or financial loss for the organization.