Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A Lob API key was found hard-coded in the source code. Storing credentials directly in code exposes sensitive secrets and makes them easy to leak or misuse.
Impact#
If attackers gain access to this API key, they could make unauthorized requests to Lob services, potentially incurring costs, accessing private data, or disrupting business operations. Hard-coded credentials are also difficult to rotate and manage securely.