Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A Telegram Bot API token has been found hard-coded in the source code. Storing sensitive credentials like API tokens directly in code makes them easy to accidentally expose, especially in public or shared repositories.
Impact#
If someone obtains the hard-coded Telegram Bot token, they could control your bot, send messages, impersonate your service, or access private information, potentially leading to data leaks, spam, or abuse of your Telegram account.