Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Hard-coded Asana client secrets have been found in the source code. Storing credentials directly in code makes them easy to extract, exposing sensitive data and access to unauthorized parties.
Impact#
If attackers gain access to the client secret, they could impersonate your application, access Asana APIs, or manipulate project data. This can lead to data breaches, unauthorized changes, and compromise of your organization’s Asana resources.