DerScanner
Home / Vulnerability Database / JavaScript : Web3: Hardcoded Infura API key
JavaScript

JavaScript : Web3: Hardcoded Infura API key

Classification

OWASP Top 10 2021
A4-Insecure Design
CWE
CWE-257CWE-522CWE-798
CWE/SANS Top 25 2011
CWE-798
CWE/SANS Top 25 2021
CWE-522CWE-798

Overview

Web3 library is probably used.

Infura API key is hardcoded in the source code.

References

  1. The best way to store secrets in your app is not to store secrets in your app - poka-techblog
  2. Truffle tutorial
  3. CWE-798: Use of Hard-coded Credentials
CRITICAL

DerScanner Severity Score

Do you want to fix JavaScript : Web3: Hardcoded Infura API key in your application?

See also

JavaScript

JavaScript : Null salt

JavaScript

JavaScript : Empty encryption key

JavaScript

JavaScript : Unsafe Azure access control