Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Alibaba Access Key IDs are hard-coded directly into the source code, exposing sensitive credentials. Storing secrets this way makes it easy for attackers to find and misuse them if the code is shared or leaked.
Impact#
If an attacker obtains these hard-coded credentials, they could gain unauthorized access to Alibaba Cloud resources, potentially leading to data breaches, service disruptions, or financial loss for the organization.