Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Finnhub API access tokens have been found hard-coded in the source code. Storing credentials directly in code makes them easy to accidentally expose in version control or shared codebases, putting sensitive information at risk.
Impact#
If attackers obtain a hard-coded Finnhub access token, they could make unauthorized API requests, access or manipulate sensitive financial data, or incur unexpected costs. This could lead to data breaches, financial losses, or compromise of business operations.