| Property | Value |
|---|---|
| Language | python |
| Severity | high |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |

Description

Sensitive credentials, such as AWS access keys or tokens, are stored directly in the source code. This exposes secrets to anyone with code access, making them easy to leak through version control or code sharing.
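A minimal check for this pattern, as an added example (not this rule's own implementation): it parses Python source with `ast` and flags string literals that are passed as boto3-style credential keyword arguments or that are shaped like an AWS access key ID. The function name, keyword list and sample source are assumptions made for illustration; the key values are AWS's published documentation placeholders.

```python
import ast
import re

# Keyword arguments that carry AWS credentials in boto3-style calls.
CREDENTIAL_KWARGS = {"aws_access_key_id", "aws_secret_access_key", "aws_session_token"}
# Access key IDs: long-term keys start with AKIA, temporary ones with ASIA.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")


def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value != ""


def find_hardcoded_credentials(source):
    """Return sorted (line, reason) findings for string literals used as credentials."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.keyword) and node.arg in CREDENTIAL_KWARGS:
            # Only literals are flagged; os.environ[...] or a variable is not.
            if _is_str_literal(node.value):
                findings.add((node.value.lineno, f"literal passed as {node.arg}"))
        elif _is_str_literal(node) and ACCESS_KEY_ID.search(node.value):
            findings.add((node.lineno, "literal looks like an AWS access key ID"))
    return sorted(findings)


# Constructed sample input; it is parsed, never executed.
# The key values are AWS documentation placeholders, not real credentials.
SAMPLE = '''\
import os
import boto3

bad = boto3.client(
    "s3",
    aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
    aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
)
BACKUP_KEY = "AKIAIOSFODNN7EXAMPLE"

# No literals: boto3 resolves credentials from the environment or an attached role.
good = boto3.client("s3")
also_good = boto3.client("s3", aws_access_key_id=os.environ["AWS_ACCESS_KEY_ID"])
'''

if __name__ == "__main__":
    for line, reason in find_hardcoded_credentials(SAMPLE):
        print(f"line {line}: {reason}")
```

The secret access key has no fixed prefix, so it is caught only through the keyword argument it is assigned to, while the access key ID is also caught by its shape wherever the literal appears.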

Impact

If attackers obtain these hard-coded credentials, they can gain unauthorized access to cloud resources, potentially leading to data breaches, service disruption, or financial loss. Even internal leaks can result in privilege escalation or compromise of critical systems.