Non-encrypted confidential information - Base 64
Description
Base64 credentials are stored in the source code.
Impact
Obtain service credentials.
Recommendation
- Change the login credentials that were compromised. - Purge git history of affected sensitive data. - Upload sensitive data from secure sources such as: key vault services, configuration files that are properly encrypted.
Threat
Attacker with access to source code from the Internet.
Expected Remediation Time
⏱️ 60 minutes.