Most of the web applications rely on a database to provide features to their users. In secure designs, consuming these private or cloud databases will require authentication like username and password based credentials.
Developers sometimes hard code such data in various places of their applications, without realizing that it could become publicly available in client-side JavaScript or, for example, HTML comments. By leveraging these sensitive information, a remote and unauthenticated attacker could gain privileged access to critical services used by the web application and the organization.
No source data