Use of Hard-coded Credentials
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description#
The code stores a password or secret value directly in the build.gradle.kts file. Hard-coding sensitive information in source code makes it easy for attackers or unauthorized users to access these secrets if the code is exposed.
Impact#
If an attacker obtains the source code—through a code leak, repository compromise, or insider threat—they can extract hard-coded passwords and use them to gain unauthorized access to systems or data. This can lead to data breaches, service disruption, or further compromise of your infrastructure.