Use of Hard-coded Credentials
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
Sensitive credentials like clientSecret, secretOrKey, or consumerSecret are hard-coded directly in the source code. Storing secrets this way makes them easy to accidentally expose, for example through version control or code sharing.
Impact#
If an attacker gains access to these hard-coded credentials, they can impersonate your application, access protected resources, or compromise user accounts. This can lead to data breaches, unauthorized access, and loss of trust in your application.