There is an implicit reference to "Microsoft.Identity.Client" in my asp .net core web api solution. Veracode has found several "Use of Hard-coded Password" flaws in this library (NuGet). Even after making an explicit reference to the latest version v4.55.0 of the library, the flaw prevails.
The below are the details of a flaw that was found in this library: Source: void !ctor(string, System.DateTimeOffset, System.DateTimeOffset, System.DateTimeOffset, System.Nullable, string, string, string): 11%
microsoft_identity_client_dll.Microsoft.Identity.Client.Cache.Items.MsalAccessTokenCacheItem
I checked the constructor in the class MsalAccessTokenCacheItem here and I don't see any password or secret hardcoded. I don't know if this is a false positive.
Can anyone please advise if this is an issue in the library or something wrong with how it is used in my solution?