Exposure of Sensitive Information to an Unauthorized Actor
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Sensitive information such as passwords, secrets, or API keys is being hardcoded directly into source code. This makes these credentials easy to discover if the code is shared, published, or accessed by unauthorized users.
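A sketch of how a check for this finding can work, as an added example that is not this rule's own implementation: it walks a Python AST and reports sensitive-looking names bound to string literals, while leaving the environment-based form alone. The name pattern, the function names, and the sample source are assumptions constructed for illustration.

```python
import ast
import re

# Names that suggest a credential; an assumption for this example, not the rule's actual pattern.
SENSITIVE = re.compile(r"(passw(or)?d|secret|api_?key|token)", re.IGNORECASE)

# Constructed sample source: two hardcoded values and their environment-based replacements.
SAMPLE = '''
import os
DB_PASSWORD = "constructed-example-value"
client = connect(host="db.internal", api_key="constructed-example-key")
DB_PASSWORD_SAFE = os.environ["DB_PASSWORD"]
client = connect(host="db.internal", api_key=os.environ.get("API_KEY"))
password_prompt = ""
'''


def _is_literal(node):
    """True for a non-empty string literal, the shape a hardcoded secret takes."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value != ""


def find_hardcoded_secrets(source):
    """Return sorted (line, name) pairs where a sensitive name is bound to a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and _is_literal(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name) and SENSITIVE.search(target.id):
                    findings.append((node.lineno, target.id))
        elif isinstance(node, ast.Call):
            # Keyword arguments such as connect(api_key="...") carry secrets too.
            for kw in node.keywords:
                if kw.arg and SENSITIVE.search(kw.arg) and _is_literal(kw.value):
                    findings.append((kw.value.lineno, kw.arg))
    return sorted(findings)


if __name__ == "__main__":
    for line, name in find_hardcoded_secrets(SAMPLE):
        print(f"line {line}: '{name}' is assigned a string literal")
```

Only the two literal assignments are reported; the lines that read the same values from the environment are the corrected form and produce no finding.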
Impact
If attackers gain access to the source code, they can extract these secrets to compromise accounts, access private APIs, or escalate privileges within your systems. This can lead to data breaches, unauthorized access, and significant damage to your application’s security and reputation.