Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Confluent access tokens are hard-coded directly into the source code. Storing credentials this way makes them easy to discover and exposes sensitive information to anyone with code access.
Impact#
If attackers obtain these hard-coded tokens, they could gain unauthorized access to Confluent services, potentially leading to data breaches, service disruptions, or misuse of your infrastructure. This risk increases if the code repository is publicly accessible or shared widely.