Files
nick-doc/Issues/ISSUE-115-frontend-real-plaintext-credentials-in-committed-scripts.md
Siavash Sameni dceaf82934 audit: 2026-05-30 full-codebase audit — report, issues, docs, runbooks
Full-codebase-audit 2026-05-30 outputs:
- Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md
- 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer).
- Scanner docs from scratch (was zero): architecture, data model, API ref, payment
  flow, operations runbook + repo README.
- Doc-sync updates across API reference, data models, flows, design system.
- Secret Rotation Runbook (08 - Operations) for the exposed credentials.
- Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js.

Issues remain status:open intentionally — the code fixes are uncommitted-then-committed
working-tree changes per repo and aren't "resolved" until merged/deployed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-30 18:48:04 +04:00

1.1 KiB

issue, title, severity, domain, labels, status, created, source
issue title severity domain labels status created source
115 Frontend: real plaintext credentials in committed scripts/show-credentials.sh low Security
security
frontend
secrets
rotation-required
open 2026-05-30 Full Codebase Audit 2026-05-30

Frontend: real plaintext credentials in committed scripts/show-credentials.sh

Severity: low Domain: Security Labels: security, frontend, secrets, rotation-required

Description

frontend/scripts/show-credentials.sh:8 contains hardcoded credentials including the password Moji6364. If this account exists in any real environment, the password must be rotated.

Options

  1. Delete the scripts and rotate the password if the account is real.
  2. Replace hardcoded creds with env-var prompts.
  3. Keep scripts but move creds out and rotate.

Recommendation

Remove the hardcoded credentials (use env-var prompts instead) and rotate the account password if it exists in any real environment.

Affected Files

  • frontend/scripts/show-credentials.sh:8

References