An attacker examines a target application's code or configuration files to
						find credential or key material that has been embedded within the
						application or its files. Many services require authentication with their
						users for the various purposes including billing, access control or
						attribution. Some client applications store the user's authentication
						credentials or keys to accelerate the login process. Some clients may have
						built-in keys or credentials (in which case the server is authenticating
						with the client, rather than the user). If the attacker is able to locate
						where this information is stored, they may be able to retrieve these
						credentials. The attacker could then use these stolen credentials to
						impersonate the user or client, respectively, in interactions with the
						service or use stolen keys to eavesdrop on nominally secure communications
						between the client and server.