Hardcoded Sensitive information in Code & Config/Log files
Some time developers forget to remove hardcoded sensitive information in the code and config/log files that can be used by malicious actors to perform severe attacks such as authentication bypass, unauthorized access of the server, unauthorized access of APIs, etc.
Hardcoded sensitive information, such as username/passwords, server IP addresses, and encryption keys, can expose the information to attackers. Anyone who has access to the class/exe/DLL files can decompile and discover sensitive information.
To decompile the application, we just need to open the exe file in dnspy tools, as shown below.