Description

The repository stores sensitive information such as users, passwords, emails, API credentials, among others.

Impact

Obtain sensitive information to compromise other resources or services

Recommendation

- Remove the hardcoded sensitive information and purge git logs - Change login credentials that were compromised. - Load sensitive data from secure sources such as key vault, encrypted configuration files or environment variables.

Threat

External attacker with access to source code.

Expected Remediation Time

⏱️ 90 minutes.

Requirements

Fixes