Use of Hard-coded Credentials
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code uses a hardcoded passphrase for RSA private key encryption, storing sensitive secrets directly in the source code. This makes it easy for anyone with code access to discover and misuse the passphrase.
Impact#
If an attacker obtains the passphrase from the codebase, they can decrypt private keys, impersonate users, or access protected resources. This can lead to data breaches, unauthorized access, and compromise of sensitive systems.