Okhttp3

Credentials

okhttp3.Credentials

A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve it from a secure secret vault or Hardware Security Module (HSM). Alternatively, environment variables can be used if allowed by your company policy.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-798: Use of Hard-coded Credentials
OWASP:
- A07:2021 - Identification and Authentication Failures
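
The pattern this rule flags, next to the environment-variable alternative from the description above. This is an added example, not code from the rule's own documentation; `requiredEnv`, `clientFromEnvironment`, the variable names `API_USER` and `API_PASSWORD`, and all credential values are assumptions constructed for illustration.

```kotlin
import okhttp3.Authenticator
import okhttp3.Credentials
import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.Response
import okhttp3.Route

// Flagged pattern: the password literal (constructed sample value) lives in
// source control and in every build artifact.
fun flaggedRequest(url: String): Request =
    Request.Builder()
        .url(url)
        .header("Authorization", Credentials.basic("svc-account", "constructed-sample-password"))
        .build()

// Hypothetical helper: read a required setting and fail closed when it is absent,
// so a missing secret never degrades to an empty or default credential.
fun requiredEnv(name: String, env: Map<String, String> = System.getenv()): String =
    env[name]?.takeIf { it.isNotBlank() }
        ?: throw IllegalStateException("Missing required environment variable $name")

// Corrected pattern: the credential is resolved at startup from the environment.
// API_USER and API_PASSWORD are assumed variable names.
fun clientFromEnvironment(env: Map<String, String> = System.getenv()): OkHttpClient {
    val credential = Credentials.basic(requiredEnv("API_USER", env), requiredEnv("API_PASSWORD", env))
    val authenticator = object : Authenticator {
        override fun authenticate(route: Route?, response: Response): Request? {
            // Credentials were already sent and rejected: give up instead of looping.
            if (response.request.header("Authorization") != null) return null
            return response.request.newBuilder()
                .header("Authorization", credential)
                .build()
        }
    }
    return OkHttpClient.Builder().authenticator(authenticator).build()
}

fun main() {
    // Constructed environment for a local run; production uses System.getenv().
    val client = clientFromEnvironment(mapOf("API_USER" to "svc-account", "API_PASSWORD" to "from-secret-store"))
    println("authenticator configured: ${client.authenticator != Authenticator.NONE}")
}
```

Moving the literal out of source does not undo its exposure in repository history, which is why the description pairs retrieval from a vault or environment with rotating the secret.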