Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A Discord client secret (API credential) is hard-coded directly in the source code. Storing credentials in code makes them easy to accidentally expose in version control or public repositories.
Impact#
If the secret is leaked, attackers can access your Discord application as if they were you, potentially resulting in data theft, message spoofing, or abuse of your Discord bot. This can lead to compromised accounts, reputation damage, or unauthorized actions within Discord.